Privacy policy

Privacy Policy

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Schmiede-Kolben UG (haftungsbeschränkt)
Schaffhauser Str. 77
79713 Bad Säckingen
Germany
Phone: +49 7621 9566490
Email: contact@schmiede-kolben.shop

2. Contact Details of the Data Protection Officer

The Data Protection Officer of Wössner GmbH is:

Simone Klumpp
Phone: +49 7821 99666-50
Email: dsb@klumpp-systeme.de

3. General Information on Data Processing

We process personal data exclusively in accordance with the applicable data protection regulations, in particular the GDPR and the TDDDG.

Personal data means any information relating to an identified or identifiable natural person.

We process personal data in particular when you:

visit our website,
create a customer account,
place an order,
contact us,
subscribe to our newsletter,
use the chat function,
submit reviews, or
consent to the use of analytics, marketing or remarketing technologies.

4. Legal Bases for Processing

We process personal data on the basis of the following legal grounds:

Art. 6(1)(a) GDPR, where you have given us your consent;
Art. 6(1)(b) GDPR, where processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract;
Art. 6(1)(c) GDPR, where processing is necessary for compliance with a legal obligation;
Art. 6(1)(f) GDPR, where processing is necessary for the purposes of our legitimate interests and where such interests are not overridden by the interests or fundamental rights and freedoms of the data subject.

Where we use cookies or similar technologies and these are not strictly technically necessary, such use is based solely on your consent pursuant to Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. Technically necessary technologies may be used on the basis of Section 25(2) TDDDG.

5. Accessing the Website / Server Log Files

When you access our website, your browser automatically transmits information to the servers of our website. This may include in particular:

IP address
date and time of access
browser type and browser version
operating system used
referrer URL
host name of the accessing computer
pages and files accessed

This data is processed for the technical provision of the website, to ensure stability and security, and to prevent misuse.

Legal basis: Art. 6(1)(f) GDPR.

6. Hosting and Shop System via Shopify

Our online shop is operated via Shopify. For merchants in Europe, the service is generally provided by Shopify International Ltd., c/o Intertrust Ireland, 2nd Floor, 1–2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.

In connection with the use of Shopify, personal data is processed to the extent necessary for hosting, displaying the shop, order processing, checkout, security, technical administration and fraud prevention.

This may also involve intra-group or service-related transfers of data to other Shopify companies or service providers engaged by Shopify.

Processing is carried out for the provision and operation of our online shop.

Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

7. Orders and Contract Processing

When you place an order in our shop, we process the data provided by you for the purpose of performing and processing your order. This includes in particular:

first and last name
billing and delivery address
email address
telephone number, where provided or required for delivery
products ordered
order history
payment data
company data in the case of B2B orders

Processing is carried out for contract performance, delivery, invoicing, handling complaints and returns, and complying with commercial and tax-law obligations.

Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(c) GDPR.

8. Customer Account

If you create a customer account, we process your registration and usage data in order to provide you with password-protected access to your account, enable you to view orders, and manage your data and orders.

Legal basis: Art. 6(1)(b) GDPR.

You may request deletion of your customer account at any time. Statutory retention obligations remain unaffected.

9. Contact Form, Email, Telephone and Other Enquiries

If you contact us by contact form, email or telephone, we process the information you provide in order to handle your enquiry and any follow-up questions.

In particular, we process:

name
contact details
content of the enquiry
order or customer number, where applicable
any other information voluntarily provided by you

Legal basis:
Art. 6(1)(b) GDPR, insofar as the enquiry relates to a contract or pre-contractual measures;
otherwise Art. 6(1)(f) GDPR.

10. Chat Communication via Superchat

If you use our chat function, we process the data you provide as well as technical usage data, insofar as this is necessary to handle your enquiry, communicate with you and improve our customer service.

For the provision of the chat function, we use Superchat provided by SuperX GmbH, Prenzlauer Allee 242–247, 10405 Berlin, Building 7, Germany.

Depending on the content of your enquiry, the following data may in particular be processed:

name
contact details
communication content
date and time of communication
technical session and usage data

Legal basis:
Art. 6(1)(b) GDPR, insofar as use of the chat function serves pre-contractual measures or contract performance;
otherwise Art. 6(1)(f) GDPR.

Where cookies or similar technologies are used in connection with the chat function and these are not technically necessary, such use is based solely on your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. Technically necessary technologies may be used on the basis of Section 25(2) TDDDG.

11. Payment Processing

For payment processing, we transfer the data required for this purpose to the payment service providers used during checkout. In our shop, this applies in particular to:

credit card
Shopify Payments
advance payment
invoice

Depending on the selected payment method, the following data may in particular be processed: name, billing address, delivery address, email address, telephone number, order number, order amount and payment-related information.

Processing is carried out for the purpose of payment execution and contract processing.

Legal basis: Art. 6(1)(b) GDPR.

Where, in individual cases, checks are carried out to prevent misuse, payment defaults or fraud, processing is also carried out on the basis of our legitimate interest in securing our business processes.

Legal basis: Art. 6(1)(f) GDPR.

12. Shipping and Delivery

For the delivery of your order, we transfer the data required for this purpose to the shipping service providers engaged by us, currently in particular:

DHL
FedEx

This generally includes the processing of name, delivery address, email address and telephone number where applicable, as well as shipment-related information, insofar as this is necessary for shipping, delivery, shipment tracking or delivery notification.

Legal basis: Art. 6(1)(b) GDPR.

13. Newsletter

If you subscribe to our newsletter, we process your email address and, where applicable, any additional data voluntarily provided by you in order to regularly send you information about our products, offers and news.

Registration takes place using the double opt-in procedure. We record the time of registration, the time of confirmation and technical proof in order to be able to document consent.

Where technically enabled, the newsletter may include performance measurement, for example by means of open rates and click rates.

Legal basis: Art. 6(1)(a) GDPR.

You may withdraw your consent at any time with effect for the future, for example via the unsubscribe link in the newsletter or by notifying us.

14. Newsletter Distribution via Mailchimp

We use Mailchimp to send our newsletter. In connection with newsletter management and distribution, personal data may be processed, in particular email address, name where applicable, and information relating to newsletter usage.

Processing is carried out exclusively on the basis of your consent.

Legal basis: Art. 6(1)(a) GDPR.

15. Reviews, Review Functions and Trustpilot

If you submit reviews in our shop or use review functions, we process the data entered by you and, where applicable, order-related information, insofar as this is necessary for providing, assigning and displaying the review.

Where we use external review services, in particular Trustpilot, or request that you submit a review where legally permissible, the data required for this purpose will be processed.

Legal basis: Art. 6(1)(a), Art. 6(1)(b) or Art. 6(1)(f) GDPR, depending on the specific configuration.

16. CRM / ERP System

We use a CRM / ERP system to manage customer, order and transaction data. In this context, master data, contact data, order data, quotation data, invoice data and communication data may in particular be processed, insofar as this is necessary for internal business processes, customer support, order processing, complaints handling and documentation.

Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

17. Cookies, Consent Management and Similar Technologies

Our website uses cookies and similar technologies.

We use technically necessary technologies insofar as this is required to provide the website, shopping cart, login, security settings or other functions expressly requested by you.

Non-technically necessary technologies, in particular for analytics, marketing, remarketing, conversion measurement or external media, are used only with your prior consent.

Your consents are managed via our consent management tool or cookie banner solution.

Legal basis:
Art. 6(1)(f) GDPR in conjunction with Section 25(2) TDDDG for technically necessary technologies;
Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG for technologies requiring consent.

18. Google Analytics

Where you have given your consent, we use Google Analytics to analyse the use of our website.

Google Analytics may in particular process the following data:

technical IP information
device and browser information
usage data
page views
events and interactions
approximate location data
referrer information

Processing is carried out for reach measurement, statistical analysis and optimisation of our online offering.

Legal basis: Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

19. Google Ads and Remarketing

Where you have given your consent, we use Google Ads and associated remarketing and conversion functions.

In this context, personal data and online identifiers may be processed in order to measure the effectiveness of our advertising and display interest-based advertising to you.

Legal basis: Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

20. Meta Pixel and Remarketing

Where you have given your consent, we use the Meta Pixel as well as remarketing and conversion functions.

In particular, information about your usage behaviour, device information, online identifiers, event data and page views may be processed in order to measure reach, attribute conversions and display interest-based advertising.

Legal basis: Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

21. YouTube

If we embed YouTube videos on our website, personal data may be transmitted to the provider when the video is played or, depending on the technical integration, already when the service is loaded.

Unless the integration of YouTube is strictly technically necessary, we embed YouTube content only after the corresponding consent has been given.

Legal basis: Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

22. Fraud Prevention

We may use technical and organisational measures as well as external security or risk management services to prevent misuse, fake orders, payment defaults and attempted fraud.

In this context, order data, device data, behavioural data and transaction data may in particular be processed, insofar as this is necessary for security and fraud prevention purposes.

Legal basis: Art. 6(1)(f) GDPR.

23. Recipients of Personal Data

Recipients or categories of recipients of personal data may in particular include:

Shopify and associated service providers
payment service providers
shipping and logistics companies
IT, hosting and security service providers
newsletter service providers
CRM / ERP service providers
chat and communication service providers, in particular SuperX GmbH (Superchat)
rating and review platforms
analytics, marketing and remarketing providers
tax advisers, accounting service providers, authorities and courts, where legally required

24. Transfers to Third Countries

In connection with the use of individual services, personal data may be transferred to countries outside the European Union or the European Economic Area.

Where such transfers do not provide a level of data protection comparable to that of the European Union, we ensure that appropriate safeguards pursuant to the GDPR are in place, in particular through standard contractual clauses or an adequacy decision, where applicable.

25. Retention Period

We store personal data only for as long as is necessary for the respective purposes or for as long as statutory retention obligations apply.

In particular, the following principles apply:

Contract and order data are stored for the duration of contract processing and thereafter in accordance with the applicable commercial and tax-law retention obligations.
Data from customer accounts are stored until the account is deleted, unless statutory obligations prevent deletion.
Enquiries submitted via contact forms, email or chat are stored for as long as this is necessary for handling and documentation.
Newsletter data are stored until you withdraw your consent or unsubscribe.
Proof of consent is stored for as long as this is necessary to demonstrate that consent was lawfully obtained.
Server log files are generally stored only for a limited period, insofar as this is necessary for security reasons.
Cookie and tracking data are stored in accordance with the respective lifetimes of the technologies used and your consent settings.

26. Your Rights

Subject to the provisions of the GDPR, you have in particular the following rights:

right of access
right to rectification
right to erasure
right to restriction of processing
right to data portability
right to object to processing based on Art. 6(1)(f) GDPR
right to withdraw consent given at any time with effect for the future

To exercise your rights, it is sufficient to notify us or our Data Protection Officer.

27. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

The competent supervisory authority for our company is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Heilbronner Straße 35
70191 Stuttgart
Germany

28. Obligation to Provide Data

The provision of personal data is partly required by law or contract or is necessary for the conclusion of a contract. Without the required data, we may not be able to process enquiries, orders or certain functions of our shop, or may only be able to do so incompletely.

29. Automated Decision-Making

As a general rule, we do not carry out solely automated decision-making within the meaning of Art. 22 GDPR.

Where payment service providers or fraud prevention services carry out their own automated checks, this is done under their own responsibility under data protection law or within the scope of the respective service used.

30. Amendments to this Privacy Policy

We reserve the right to amend this Privacy Policy where this becomes necessary due to changes in the legal situation, technical changes, or changes to our services or data processing activities.

The version published on our website at any given time shall apply.