Data Protection

Thank you for your interest in our website. As a member of the "Verein sicherer und seriöser Internetshopbetreiber e. V.", the protection of your personal data is a serious concern for us. In the following, we will inform you transparently and in understandable language about the data collection and its scope, what your data is used for and what rights you have.

Your data will be collected, stored and processed in compliance with the relevant legal regulations. Personal data are all types of data with which you can be identified as a person.


PRIVACY POLICY

1. Who is responsible for data processing?
For the purposes of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions, the controller is a natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (names, contact details etc.).

Responsible for data processing on this website is:

Thomas Prachtel
Am Schänzel 3
69151 Neckargemünd
( Germany )

Phone: +49 6223 7393746
E-mail: tee@mein-teekontor.de

2. What data is collected on our website?
2.1 Automated collection of data and how this data is processed
Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer in so-called server log files. This data is partly technically necessary in order to display our website. No merging with data from other sources is carried out. The following data is collected:
 
The legal basis for data processing is Art. 6 para. 1 lit. f of the GDPR, which allows us to process data in the case of a legitimate interest. Our legitimate interest in this case is the reliable and error-free functioning of our website. No other processing of this data takes place.

2.2 Collection of personal data and how these data are processed
2.2.1 Data collection and processing when opening a customer account and during contract processing
If you open a customer account on our website, this is done voluntarily. Registration is not a prerequisite for concluding a contract. Data is only collected to the minimum extent necessary; the mandatory data can be recognised by the correspondingly marked input fields. Deletion of the customer account is possible at any time and free of charge. If you wish to delete your data, please contact the person responsible for data processing. This person is named under point 1 of this data protection declaration.

We only use your data for the purpose for which you have registered or for the execution of a contract. The legal basis for data processing is Art. 6 para. 1 lit. b of the GDPR, which allows us to process data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure.

The collected customer data will be blocked after completion of the order, after termination of the business relationship or after deletion of your customer account and will be deleted after expiry of retention periods under tax and commercial law, unless you have consended to further use of your data.

2.2.2 Data collection and processing when using our e-mail address or contact function
In the case of e-mails or messages via the contact form, we store your data until the processing of your message has been completed. The mandatory data in the mask of the contact form can be recognised by the correspondingly marked input fields. The data will be used exclusively for processing your request; after processing is completed, your data will be deleted. The legal basis for data processing is Art. 6 para. 1 lit. f of the GDPR, which allows us to process data in the case of a legitimate interest. Our legitimate interest in this case is to reply to your message or to process your request.

2.2.3 Newsletter function, data processing and objection option
We send our newsletter using the newsletter service Cleverreach GmbH & Co. KG, Mühlenstrasse 43, 26180 Rastede (Germany). Cleverreach is a member of the Certified Senders Alliance and was selected in accordance with the requirements of the General Data Protection Regulation and the German Federal Data Protection Act. We transfer your e-mail address to CleverReach solely for the purpose of sending you our newsletter. Cleverreach is prohibited from selling your data and using it for purposes other than sending newsletters. Your data is stored by CleverReach in such a way that other CleverReach customers or third parties do not have access to this data. For more information, please see CleverReach's privacy policy.

2.2.3.1 You have subscribed to our newsletter:
If you subscribe to our free newsletter, data from the registration mask will be transmitted to us. The mandatory data can be recognised by the correspondingly marked input fields and are limited to the minimum required (e-mail address). For the processing of your data, consend is obtained during the registration process and reference is made to this data protection declaration. The legal basis for data processing is Article 6 (1) (a) of the GDPR, which allows us to process the data if you have consended to the processing.

The data will not be passed on to third parties, but will be used exclusively for sending newsletters. The subscription to the newsletter (your consend) can be revoked at any time for the future. To revoke your consend, a link to unsubscribe from the newsletter is included in every newsletter, but you can also unsubscribe directly via our website. The request to unsubscribe from the newsletter can of course also be addressed directly to the data controller. This person is named under point 1 of this data protection declaration.

After unsubscribing from the newsletter, the data will be deleted unless you have consended to further use, or we reserve the right to further use (as explained below under 2.2.3.2), which is permitted by law.

2.2.3.2 E-mail advertising to our existing customers without registering for the newsletter and your right to object:
If we receive your e-mail address in connection with the sale of a product or service and you have not objected to this, we reserve the right, on the basis of Section 7 (3) of the German Unfair Competition Act (UWG), to regularly send you offers by e-mail for similar products to those already purchased from our range. This serves to protect our legitimate interests in addressing our customers in an advertising manner, which outweigh our interests in the context of a balancing of interests. The legal basis for data processing is Article 6 (1) (f) of the GDPR, which allows us to process data in the event of a legitimate interest.
 
You can object to this use of your e-mail address at any time by sending a message to the contact option described under point 1 or via a link provided for this purpose in the advertising e-mail, without incurring any costs other than the transmission costs in accordance with the basic rates.


2.2.4 Rating system on our website
We offer registered users a rating system to submit individual comments, opinions and ratings on individual products. If you leave a rating on this website, details of when you entered your comments and your user name will be stored and published in addition to the comments you leave. The user name is pseudonymised so that third parties cannot see your full name. The pseudonym is composed of your first name and the first letter of your surname, followed by a full stop.

Furthermore, the IP address assigned by your internet service provider is also logged. This storage of the IP address takes place for security reasons and only in the event that you infringe the rights of third parties by posting a comment or post illegal content. The storage of this personal data is therefore in the controller's own interest, so that the controller could exculpate itself if necessary in the event of an infringement. There will be no disclosure of this collected personal data to third parties, unless such disclosure is required by law or serves the legal defence of the controller.

2.3 Disclosure of data to third parties for the performance of the contract
For payment transactions and for the delivery of goods, we pass on personal data to service providers (third parties) to the minimum extent necessary, insofar as this is necessary for the performance of the contract.

2.3.1 Transfer to shipping service providers
If we pass on your data to our shipping service provider (DHL), the legal basis for this is Art. 6 Para. 1 lit. b of the GDPR, which allows us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure.

2.3.2 Disclosure to payment service providers
If we pass on your payment data to the commissioned credit institution, the legal basis for this is Art. 6 (1) lit. b of the GDPR, which allows us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure. On our website, you have the choice of various payment service providers. In the following, we will inform you about which data is passed on and on the basis of which legal situation this occurs:

2.3.2.1 PayPal
If you choose this payment service provider, the data required for payment will be passed on to PayPal (PayPal Europe, S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). The legal basis for this is Article 6(1)(a) of the GDPR, which allows us to process the data if you have consended to the processing, and Article 6(1)(b) of the GDPR, which allows us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure. You have the right to revoke your declaration of consend at any time. The revocation of the consend does not affect the lawfulness of the processing carried out on the basis of the consend until the revocation.

You can object to the processing of your personal data at any time. However, PayPal may still be entitled to process, use and transmit the personal data if this is necessary for PayPal to process payments in accordance with the contract, is required by law or is required by a court or authority.

If you wish to object to the use of your data or wish to communicate changes regarding the stored data, you can contact PayPal directly. You can also find more information about PayPal's privacy policy on their website.

2.3.2.2 Secupay (Credit Card, Direct Debit)
If you choose this payment service provider, the order data and your personal data will be passed on to Secupay AG, Goethestrasse 6, 01896 Pulsnitz. Order data is data on the items, the delivery method and the invoice total, your personal data here is your first name, surname, address, telephone number, e-mail address and IP address.

When paying by Credit Card, data is only passed on for the purpose of processing the payment. The legal basis for this is Art. 6 para. 1 lit. b of the GDPR, which allows us to process the data if this is necessary for the performance of a contract with you or for the implementation of a pre-contractual measure.

When paying by Direct Debit, Secupay AG may obtain identity and creditworthiness information. Information on your previous payment history and creditworthiness information based on mathematical-statistical procedures using address data (scoring) is obtained from:
 
A credit report may contain scoring values (= probability values). The so-called scoring values have their basis in a scientifically recognised mathematical-statistical procedure. The calculation of the score values also (but not exclusively) includes your address data.

The legal basis for this is Article 6 (1) (f) of the GDPR, which allows the processing of data in the case of a legitimate interest. The legitimate interest in this case is to establish your identity and solvency.

If you wish to object to the use of your data or wish to communicate changes regarding the stored data, you can contact Secupay directly.

You can obtain further information on the processing and storage of your data directly from secupay AG.

2.4 Disclosure of data for advertising purposes to third parties
2.4.1 Integration of the Trusted Shops Trustbadge
In order to display our Trusted Shops seal of approval and the reviews collected, if any, as well as to offer Trusted Shops products to buyers after an order, the Trusted Shops trust badge is integrated on this website.

This serves to protect our legitimate interests in optimal marketing by enabling secure shopping in accordance with Art. 6 para. 1 p. 1 lit. f GDPR, which prevail in the context of a balancing of interests. The trust badge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided by a CDN provider (Content Delivery Network) within the framework of order processing. Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is ensured. Further information on the data protection of Trusted Shops GmbH can be found » here.

When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, date and time of the call-up, amount of data transferred and the requesting provider (access data) and documents the call-up. Individual access data are stored in a security database for the analysis of security anomalies. The log files are automatically deleted no later than 90 days after creation.

Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered to use them. The contractual agreement between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you as a buyer are already registered for product use is automatically checked using a neutral parameter, the e-mail address hashed by cryptological one-way function. The e-mail address is converted into this hash value, which cannot be decrypted by Trusted Shops, before it is transmitted. After checking for a match, the parameter is automatically deleted.

This is necessary for the fulfilment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order in each case and the transactional evaluation services pursuant to Art. 6 (1) sendence 1 lit. f GDPR. Further details, including the objection, can be found in the Trusted Shops privacy policy linked above and in the Trustbadge.

2.4.1.1 Data transmission when visiting the online shop with integrated Trusted Shops Trustbadge
As is the case when calling up a website, the retrieval of the trust badge integrated in a shop by a browser client (i.e. at the same time as calling up the shop page) automatically generates a web server log entry. Since this is a standard format, it contains information about the retrieving browser client (see point 2.1 of this data protection declaration). This data is usage data that accumulates during any data transmission on the Internet.

Trusted Shops does not create any usage profiles from this usage data and does not draw any conclusions about the person of the website visitor. This data is evaluated solely to ensure trouble-free operation. In addition, no personal data (e.g. name, e-mail address, etc.) is automatically transmitted to or stored by Trusted Shops simply by visiting a shop page on which the trust badge is integrated.

2.4.1.2 Data transmission to Trusted Shops for an order in the online shop
If the buyer does not use the Trusted Shops products themselves, only the order number is transmitted to Trusted Shops when the trust badge is integrated. This serves, in particular, to verify subsequent guarantees or ratings.

Further data, in particular personal data, is only transferred if the Trusted Shops products for buyers are actively used by the shop customer and he/she agrees to the data transfer accordingly, or has done so in the past for future purchases.

Only the data that is minimally required for the use of Trusted Shops products is collected. When using the Trusted Shops buyer protection with shop rating, this is usually the order date, the order number, any existing customer number, the order total, the currency, if applicable the expected delivery date, the payment method and the e-mail address of the buyer. If product ratings are integrated by the shop, the URL of the product and the product image, the product name, the product SKU, GTIN and MPN as well as the manufacturer are also collected. If a rating reminder is send without Trusted Shops Buyer Protection, only the order number and the e-mail address are required. Trusted Shops does not receive any other personal data from users in this way.

Whether the buyer is already registered for product use is automatically checked using a neutral parameter, the e-mail address hashed by cryptological one-way function (MD5 procedure). The e-mail address is converted into this hash value, which cannot be decrypted by Trusted Shops, before it is transmitted. If there is no match, the parameter is discarded. The e-mail address is then only collected if the buyer decides to use Trusted Shops products. The buyer's e-mail address in plain text or other data is not transmitted during automatic transmission.

The data received will be used exclusively for the processing of the concluded contracts and stored on the servers of Trusted Shops for the duration of the mutual fulfilment of the contract. Thereafter, the data will be blocked for further use and finally deleted after the expiry of any retention periods under commercial and tax law.

3. Cookies
Our website uses so-called cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on your computer.

Some elements of our website require that the calling browser can be identified even after a page change. For example, to store and transmit the items in your shopping cart or your login information. The cookies we use are technically necessary cookies which are automatically deleted after closing the browser. Some cookies remain stored on your device and enable recognition on your next visit to the site. The legal basis for data processing is Art. 6 (1) (f) of the GDPR, which allows us to process data in the case of a legitimate interest. Our legitimate interest in this case is to provide you with a technically error-free and functionally optimised website.

You can set your browser so that you are informed about the setting of cookies and then only allow these cookies in individual cases. Likewise, you can generally exclude the acceptance of cookies or only accept them for certain cases. In addition, you can set your browser so that set cookies are deleted after closing the browser window. Each browser differs in the way it manages cookie settings. These are described in the help menu of each browser, which explains how you can change your cookie settings.

Please note that if you do not accept cookies, our website will only function to a limited extent.

3.1 Technically necessary cookies set by our website
The MODsid cookie is a so-called session cookie. This cookie contains a unique ID as anonymous user information, which is used to assign the user to the page called up in order to guarantee the basic functionality of the shop, for example the shopping basket function. The session cookie is usually deleted again when the browser is closed.
The cookie MODtest is a test cookie to determine whether the browser allows cookies.
The cookie MODtrack is set by the cookie banner and stores the visitor's decision about setting cookies.

4. How is the data backed up?
The transmission of personal data is exclusively encrypted via an SSL or TLS connection. This applies both to messages via our contact function and to data relating to your order and payment transactions. Due to the encryption, your sensitive personal data cannot be intercepted and viewed by unauthorised third parties. You can recognise an encrypted connection by the fact that the address line of the browser begins with "https://" and by the lock symbol in the browser line.

The data stored in the systems of our website are secured by passwords and cannot be viewed by unauthorised third parties. The transmission of data on the Internet, for example when sending an e-mail, is not 100% secure and may in some cases have security vulnerabilities.

5. How long will the personal data be stored?
How long your personal data is stored by us depends on the respective statutory retention period. The retention periods under commercial and tax law are 10 years from the end of the calendar year in which the data was collected. After expiry of the periods, the data is regularly deleted unless it is still required for the initiation or fulfilment of the contract or we have a justified interest in continuing to store it.

6. What rights do you have vis-à-vis the data controller?
Below we list the rights you have under the GDPR vis-à-vis the data controller. The data controller is named under point 1 of this privacy policy. If personal data is processed by you, you are a "data subject" within the meaning of the GDPR.

6.1 Your right to information pursuant to Art. 15 of the GDPR
You can request information from the data controller as to whether your personal data are being processed. If such processing is taking place, you may also request information about the following:

6.1.1 the purposes for which such personal data are processed;
6.1.2 the categories of personal data processed;
6.1.3 the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
6.1.4 the planned storage period of the personal data relating to you or, if no specific information can be provided in this regard, the criteria for determining the storage period;
6.1.5 the existence of a right to rectify or erase personal data concerning you, the existence of a right to restrict processing by the data controller or a right to object to such processing;
6.1.6 the existence of a right to lodge a complaint with a supervisory authority (the competent authority is the State Data Protection Commissioner of the federal state in which we have our registered office. Addresses and links can be found » here);
6.1.7 any available information on the origin of the data if the personal data are not collected from the data subject (i.e., you);
6.1.8 the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information on whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 of the GDPR in connection with the transfer.

6.2 Your right to rectification pursuant to Art. 16 of the GDPR
You have the right to obtain from the data controller the rectification and/or integration without undue delay of any personal data processed concerning you which is inaccurate or incomplete.

6.3 Your right to erasure pursuant to Art. 17 of the GDPR
You may request the data controller to delete the personal data concerning you without delay. The data controller is obliged to delete this personal data without delay if one of the following reasons applies:

6.3.1 Obligation of deletion
6.3.1.1 The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
6.3.1.2 You revoke your consend on which the processing was based pursuant to Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR and there is no other legal basis for the processing.
6.3.1.3 You object to the processing of the data pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Article 21(2) of the GDPR.
6.3.1.4 The personal data concerning you have been processed unlawfully.
6.3.1.5 The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
6.3.1.6 The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

6.3.2 Information to third parties
If the data controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform the data controllers processing the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, those personal data.

6.3.3 Exceptions
The right to erasure does not exist insofar as the processing is necessary

6.3.3.1 on the exercise of the right to freedom of expression and information;
6.3.3.2 for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
6.3.3.3 for reasons of public interest in the area of public health pursuant to Art. 9 Para. 2 lit. h and i and Art. 9 Para. 3 GDPR;
6.3.3.4 for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
6.3.3.5 to assert, exercise or defend legal claims.

6.4 Your right to restriction of processing pursuant to Art. 18 of the GDPR
You have the right to require the data controller to restrict processing if one of the following conditions is met:

6.4.1 if you contest the accuracy of the personal data relating to you for a period enabling the controller to verify the accuracy of the personal data;
6.4.2 the processing is unlawful and you object to the erasure of the personal data and request the restriction of the use of the personal data instead;
6.4.3 the controller no longer needs the personal data for the purposes of processing, but you need it for the assertion, exercise or defence of legal claims or
6.4.4 if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

Where the processing of personal data relating to you has been restricted, those data may be processed, with the exception of storage, only with your consend or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

6.5 Your right to information pursuant to Art. 19 of the GDPR
If you have asserted the right to rectification, erasure or restriction of processing against the data controller, the latter shall be obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients by the controller.

6.6 Your right to data portability pursuant to Art. 20 of the GDPR
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, commonly used and machine-readable format and you have the right to transmit this data to another data controller without hindrance from the data controller to whom the personal data was provided, provided that.

6.6.1 the processing is based on consend pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) and
6.6.2 the processing is carried out with the aid of automated procedures.

When exercising your right to data portability, you also have the right to obtain that the personal data be transferred directly from one data controller to another data controller, where this is technically feasible.

This right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right to data portability shall not affect the rights and freedoms of other persons.

6.7 Your right to revoke the declaration of consend under data protection law
You have the right to revoke your declaration of consend under data protection law at any time. The revocation of the consend does not affect the lawfulness of the processing carried out on the basis of the consend until the revocation.

6.8 Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

6.8.1 is necessary for the conclusion or performance of a contract between you and the responsible person,
6.8.2 is permitted by legislation of the European Union or the Member States to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
6.8.3 is done with your express consend.

However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms of individuals and their legitimate interests.

With regard to the cases referred to in 6.8.1 and 6.8.3, the data controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a data subject from the controller, to express his or her point of view and to contest the decision.

6.9 Your right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.

 
6.10 Right of objection
You have the right, for reasons arising from your particular situation, to object at any time with effect for the future to the processing of personal data relating to you which is carried out on the basis of Art. 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The data controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.


7. The existence of automated decision-making, including profiling
As a responsible company, we do not use automatic decision-making or profiling.

8. Amendment to our Privacy Policy
We reserve the right to adapt this data protection declaration if necessary so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection statement will then apply to your next visit.