Data Controller:
Topcart GmbH
Gustav-Stresemann-Ring 12-16
D–65189 Wiesbaden
Germany
Tel.: +49 (0)611-949190
Email: info@topcart.com
Website: www.topcart24.com
The Data Protection Officer at Topcart GmbH can be contacted at the above address (FAO Mr Rolf Hör) and/or at datenschutz@topcart.com.
We shall only process the personal data of our users if this is necessary to provide a fully functional website, as well as our content and services. The personal data of our users shall only be processed on a regular basis with their consent. This shall not apply if it is practically impossible to obtain users’ prior consent and the processing of the data is permitted by statutory regulations.
If we obtain the consent of data subjects to process their personal data, we shall do so on the basis of Article 6(1) (a) of the EU General Data Protection Regulation (GDPR).
If personal data is processed for the performance of a contract to which the data subject is party, the legal basis for this shall be Article 6(1) (b) of the GDPR. This shall also apply to any data processing required for the execution of pre-contractual measures.
If data processing is necessary for compliance with a legal obligation to which our company is subject, the legal basis for this shall be Article 6(1) (c) of the GDPR.
If data processing is necessary to protect the vital interests of the data subject or another natural person, the legal basis for this shall be Article 6(1) (d) of the GDPR.
If data processing is necessary to safeguard a legitimate interest of our company or third party – and this interest is not outweighed by the interests and fundamental rights and freedoms of the data subject – data shall be processed on the basis of Article 6(1) (f) of the GDPR.
The personal data of the data subject shall be deleted or blocked as soon as the storage purpose no longer exists. Personal data may be stored beyond this period if this is stipulated by EU Law or national legislation in EU regulations, laws or other provisions that are legally binding for the data subject. The data shall then be deleted or blocked at the end of a storage period established by such regulations, unless the further storage of the data is necessary for the conclusion or performance of a contract
When you access our website (topcart24.com), the browsers used on your device shall automatically send information to our website’s server. This information shall be temporarily stored in a so-called “log file”.
In doing so, the following information shall be collected from you or recorded without any intervention on your part and then stored until it is automatically deleted:
We shall process the data listed above for the following purposes:
The legal basis for the temporary storage of data and log files is Article 6(1) (f) of the GDPR.
The system must temporarily store IP addresses to deliver the website to users’ computers. IP addresses must remain stored for the duration of the session. Log files are saved to ensure the functionality of the website. We also use this data to optimise the website and ensure the security of our IT systems. The data collected in this context shall not be analysed for marketing purposes. Data shall be stored on log files after seven days at the latest. Data may be stored beyond this period. In such cases, the user’s IP address shall be deleted or distorted in such a way that the accessing client can no longer be identified. These purposes also represent our legitimate interest in data processing pursuant to Article 6(1) (f) of the GDPR.
Data shall be deleted as soon as it is no longer required for the purposes for which it was originally collected. If data is collected to provide the website, it shall be deleted at the end of each session.
The collection of data for the provision of the website and the storage of data on log files is essential for the operation of the website. As such, users shall not be able to oppose this.
We use cookies on our website. These are small files that are generated automatically by your browser and saved on your device (e.g. laptop, tablet, smartphone, etc.) when you visit our website. Cookies shall not damage your device, as they do not contain any viruses, trojans or other malware.
The information stored on cookies depends on the specific device used. However, this does not mean that we shall obtain immediate knowledge of your identity.
On the one hand, we use cookies to make the use of our services more comfortable for you. For example, we use so-called “session cookies” to determine whether you have already visited specific pages on our website. These shall be automatically deleted once you leave our website.
We also optimise the user friendliness of our website by using temporary cookies that are stored for a set period on your device. If you return to our website to use our services, these cookies shall automatically recognise that you have visited us in the past and remember the data and settings you have already submitted, so that you do not have to re-enter this information.
On the other hand, we use cookies to collect and analyse statistical data on the use of our website to optimise our services for you. If you return to our website, these cookies will allow us to automatically recognise that you have visited us in the past. These cookies shall be automatically deleted after a set period.
The legal basis for the processing of personal data with technically necessary cookies is Article 6(1) (f) of the GDPR.
If users consent to the processing of personal data with cookies for analytical purposes, this shall be done on the basis of Article 6(1) (a) of the GDPR.
Technically necessary cookies are used to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. These features need the browser to be recognised when changing from one page to another.
We require cookies for the following applications:
(1) Shopping cart;
(2) Changes to language settings;
(3) Saved search terms.
The user data collected with technically necessary cookies shall not be used to create user profiles.
Analysis cookies are used to improve the quality of our website and its contents. We use analysis cookies to find out how the website is used and to constantly optimise our services.
These purposes also represent our legitimate interest in data processing pursuant to Article 6(1) (f) of the GDPR.
Cookies are saved on a user’s computer and then transferred to us from the device. As such, you as the user have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by altering the settings in your Internet browser. Saved cookies may be deleted at any time. This may also be done automatically. However, fully deactivating cookies may prevent you from using some of the features on our website.
If you have given us your express consent in accordance with Article 6(1) (a) of the GDPR, we shall use your email address to send you our newsletter on a regular basis. We only require your email address to send you the newsletter.
We shall only use the newsletter to send you direct advertising for our similar products and services.
The personal data processed for the distribution of newsletters shall not be passed on to third parties. This data shall be used exclusively for the distribution of the newsletter.
If users consent to the processing of personal data after subscribing to the newsletter, this shall be done on the basis of Article 6(1) (a) of the GDPR.
The legal basis for the distribution of newsletters for the sale of goods and services is Section 7 Paragraph 3 of the German Law on Unfair Competition (UWG).
Any other personal data collected during the registration process shall be obtained to prevent the misuse of the services or email address.
Data shall be deleted as soon as it is no longer required for the purposes for which it was originally collected. As such, the user’s email address shall be saved for as long as the newsletter subscription is active.
Any other personal data collected during the registration process shall generally be deleted after seven days.
Users may cancel their newsletter subscription at any time. A corresponding link can be found in every newsletter for this purpose.
If the newsletter has been sent following registration on our website, users may also revoke their consent to the storage of the personal data collected during the registration process.
We offer users the possibility of registering on our website by submitting their personal data. This data is entered into an input mask, transferred to us and saved. Data shall not be passed on to third parties. The following data shall be collected during the registration process:
Users shall give their consent to the processing of this data during the registration process.
If users consent to the processing of their personal data, this shall be done on the basis of Article 6(1) (a) of the GDPR.
If registration is necessary for the performance of a contract to which the user is party or the execution of pre-contractual measures, the additional legal basis for data processing shall be Article 6(1) (b) of the GDPR.
Registration shall be required for the performance of a contract with the user or the execution of pre-contractual measures.
Data shall be deleted as soon as it is no longer required for the purposes for which it was originally collected.
This shall apply to any personal data collected during the registration process that is no longer required for the performance of a contract or the execution of pre-contractual measures. The personal data of a contractual partner may need to be retained after the conclusion of a contract, in order to fulfil contractual or statutory obligations.
You may cancel your user registration at any time. You may also have your stored data changed at any time.
If the data is required for the performance of a contract or the execution of pre-contractual measures, it may only be deleted prematurely if no contractual or statutory obligations oppose this.
There is a contact form on our website that can be used to get in touch with us electronically. If you use this option, the data you enter into the input mask shall be transferred to us and saved. This data comprises:
When you submit the contact form, you shall be asked for your consent to data processing and made aware of this Privacy Statement.
You may alternatively get in touch via the email address provided. In such cases, the personal data submitted with your email shall be saved.
No data shall be passed on to third parties during this process. This data shall be used exclusively to process correspondence.
If users consent to the processing of their personal data, this shall be done on the basis of Article 6(1) (a) of the GDPR.
The legal basis for the processing of data submitted with an email is Article 6(1) (f) of the GDPR. If the aim of email correspondence is to conclude a contract, the additional legal basis for data processing shall be Article 6(1) (b) of the GDPR.
We shall only use personal data obtained from the input mask to process contact requests. We shall also have a legitimate interest in data processing if users get in touch with us via email.
Any other personal data collected with the submission of the contact form shall be used to prevent misuse of the same and ensure the security of our IT systems.
Data shall be deleted as soon as it is no longer required for the purposes for which it was originally collected. This shall apply to any personal data obtained from the input mask of the contact form – and any data submitted via email – as soon as correspondence with a user is over. Correspondence shall be considered over once it can be inferred from the circumstances that the issue has been conclusively settled.
Any additional personal data collected with the submission of the contact form shall be deleted after seven days at the latest.
Users may revoke their consent to data processing at any time. If users get in touch with us via email, they may object to the storage of their personal data at any time. Correspondence cannot be continued in such cases, as the user’s account shall be deactivated.
In such cases, all personal data saved during correspondence shall be deleted.
We shall carry out the tracking measures listed below on the basis of Article 6(1) (f) of the GDPR. We shall use these tracking measures to ensure the constant optimisation of our website and tailor its design to users’ needs. We shall also use these tracking measures to collect and analyse statistical data on the use of our website to optimise our services for you. These interests are legitimate within the meaning of the aforementioned regulation.
The various data categories and purposes for data processing can be found in the respective tracking tools.
In order to constantly optimise our website and tailor its design to users’ needs, we use Google Analytics, a web analysis service developed by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”). This involves the creation of pseudonymised user profiles and the use of cookies (see Section 4). Information generated by cookies regarding your use of this website shall be transferred and stored on a Google server in the USA. This shall include the following data:
This information shall be used to analyse the use of the website, compile reports on website activities and render other services associated with the use of the website and Internet; these services shall be carried out for market research purposes and to tailor the design of the website to users’ needs. This information may also be transferred to third parties if this is prescribed by law or if such third parties are commissioned to process the data. Your IP address shall never be collated with other Google data. IP address shall be anonymised in such a way that prevents identification (IP masking).
You can prevent the installation of cookies by selecting the relevant browser software setting; however, we would like to remind you that this may prevent you from fully using some of the features of this website.
You can also stop cookies from collecting data on your use of the website (incl. your IP address) and prevent Google from processing this data by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on – especially for browsers on mobile devices – you can also prevent Google Analytics from collecting data by clicking on this link. This will place an opt-out cookie on your device to prevent your data from being collected during future visits to this website. The opt-out cookie will be saved on your device, and it will only work in this browser and on our website. If you delete cookies from this browser, you will have to re-save the opt-out cookie.
You can find more information on the data protection measures implemented by Google Analytics in the Google Analytics Help Centre https://support.google.com/analytics/answer/6004245?hl=de.
If personal data concerning you is processed, you shall be a “data subject” within the meaning of the GDPR and have the following rights vis-à-vis the data controller:
You may request confirmation from the data controller as to whether personal data concerning you is processed by us.
If we do process your personal data, you may obtain access to the following information from the data controller:
You shall have the right to obtain information as to whether your personal data is transferred to a third country or international organisation. If your personal data is transferred to a third country or international organisation, you shall have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.
If personal data concerning you is inaccurate or incomplete, you shall have the right to request the rectification and/or completion of this data from the data controller. The data controller must immediately rectify the data.
You shall have the right to ask for the processing of your personal data to be restricted under the following conditions:
If the processing of your personal data has been restricted, it shall only be processed (with the exception of storage) with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If data processing has been restricted in accordance with the requirements described above, you shall be informed by the data controller before the restriction of processing is lifted.
You may ask the data controller to immediately delete your personal data; the data controller shall then be obliged to immediately delete this data, provided your request is based on one of the following reasons:
If the data controller has made your personal data public and is obliged to delete it in accordance with Article 17(1) of the GDPR, the data controller shall consider the technology available and implementation costs to take reasonable steps, including technical measures, to inform any other data controllers who are processing your personal data that you have asked them to delete any links to, or copy or replication of, your personal data.
You shall not have the right to erasure if data processing is necessary:
If you have asserted your right to rectification, erasure or the restriction of data processing, the data controller shall be obliged to inform all data recipients about this rectification/erasure or the restriction of processing, unless this proves impossible or would involve an unreasonable amount of effort and expense.
You shall have the right to be told who has received your personal data by the data controller.
You shall have the right to receive the personal data you have provided to the data controller in a structured, commonly used and machine-readable format. Furthermore, you shall have the right to transmit this data to another data controller without being hindered by the data controller to whom your personal data has been provided, where:
In exercising this right, you shall also have the right to have your personal data transmitted directly from one data controller to another, provided this is technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to any processing required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
You shall have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Article 6(1) (e) and Article 6(1) (f) of the GDPR, including any profiling based on those provisions.
The data controller shall no longer process your personal data, unless it can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or unless processing is carried out for the establishment, exercise or defence of legal claims.
If your personal data is processed for direct marketing purposes, you shall have the right to object at any time to processing for such purposes; this also includes any profiling related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
In the context of the use of information society services – and notwithstanding Directive 2002/58/EC – you may exercise your right to object by automated means using technical specifications.
If you would like to exercise your right to revoke your consent or object to data processing, you just have to send an email to datenschutz@topcart.com.
You shall have the right to revoke your consent to data processing at any time. If you revoke your consent, this shall not affect the legality of data processing carried out on the basis of your consent before your revocation.
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:
However, these decisions shall not be based on the special categories of personal data referred to in Article 9(1) of the GDPR, unless Article 9(2) (a) or Article 9(2) (g) of the GDPR applies and suitable measures are in place to safeguard your rights, freedoms and legitimate interests.
In the cases referred to in points (a) and (c) above, the data controller shall implement suitable measures to safeguard your rights, freedoms and legitimate interests; this shall at least include your right to obtain human intervention on the part of the data controller, to express your point of view and to contest the decision.
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority – especially in the Member State of your habitual residence, place of work or place of the alleged infringement – if you consider that the processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
We implement the widely used TSL procedure (transport layer security) for visits to our website; this provides a connection with the highest level of encryption supported by your respective browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we shall resort to 128-bitv3 technology instead. You can tell that each page on our website is encrypted, as the key/padlock symbol at the bottom of your browser status bar will be displayed as locked.
We also implement the appropriate technical and organisational measures to protect your data against intentional and accidental manipulation, full or partial loss, destruction and unauthorised third-party access. Our safety measures are constantly improved in line with technical developments.
This Privacy Statement is currently valid and was last updated in May 2018. It may be necessary to change this Privacy Statement if our website and its features are developed, or if statutory and/or official regulations are amended. The current version of the Privacy Statement can always be accessed and printed out at https://www.topcart24.com/privacy_policy_en.xhtml.