Privacy Policy
I. Contact details of the controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection provisions is:
StilART Möbelwerkstätten GmbH
In der Brückenwiese 14
53639 Königswinter-Oberpleis
Germany
Tel.: +49 (0)2244 925880
E-mail: info@stilart-moebel.com
Website: www.stilart-moebel.com
II. Contact details of the Data Protection Officer
You can reach our Data Protection Officer at datenschutz@stilart-moebel.com or by post at our address with the addition “Der Datenschutzbeauftragte”.
III. General information on data processing
1. Scope of the processing of personal data
We process the personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of our users’ personal data generally takes place only with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal provisions.
2. Legal basis for the processing of personal data
Where we obtain the consent of the data subject for processing operations, Art. 6(1)(a) GDPR serves as the legal basis.
For the processing of personal data necessary for the performance of a contract to which the data subject is party, Art. 6(1)(b) GDPR serves as the legal basis; this also applies to processing operations required to take steps prior to entering into a contract.
Where processing is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis.
Where processing is necessary in order to protect the vital interests of the data subject or of another natural person, Art. 6(1)(d) GDPR serves as the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6(1)(f) GDPR serves as the legal basis.
3. Erasure of data and storage duration
The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion or performance of a contract.
4. Use of service providers
We use service providers to perform the following services and to process your data:
- Hosting our website in a secure data centre
- Maintenance and servicing of software and hardware
These providers process data on our behalf under Art. 28 GDPR, strictly in accordance with our instructions, and are contractually obliged to comply with applicable data protection regulations. All providers have been carefully selected by us and receive access to personal data only to the extent and for the duration necessary to provide the service or insofar as you have consented to the use of data.
If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you accordingly.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.
The following data are collected:
- Information about the browser type and version used
- The user’s operating system
- The user’s IP address
- Date and time of access
- Websites from which the user’s system reaches our website
The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.
3. Purpose of data processing
Temporary storage of the IP address by the system is necessary to deliver the website to the user’s computer. For this purpose, the IP address must remain stored for the duration of the session.
Storage in log files is carried out to ensure the functionality of the website. In addition, the data serve to optimise the website and to ensure the security of our IT systems. No evaluation of the data for marketing purposes takes place in this context.
These purposes also constitute our legitimate interest in data processing under Art. 6(1)(f) GDPR.
4. Duration of storage
The data are erased as soon as they are no longer necessary for achieving the purpose for which they were collected. In the case of data collected for the provision of the website, this is the case when the respective session ends.
In the case of storage in log files, this is the case after no more than 24 hours. Storage beyond this period is possible. In that case, the users’ IP addresses are deleted or anonymised so that an assignment of the calling client is no longer possible.
5. Right to object and removal
The collection of data for the provision of the website and the storage of data in log files are essential for the operation of the website. Consequently, the user has no possibility to object.
V. Use of cookies
This site does not use cookies.
VI. Contact form and e-mail contact
1. Description and scope of data processing
A contact form is available on our website which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask are transmitted to us and stored. These data are, for the contact form:
- My name
- My e-mail address
- My phone number
- City
- Country
- My subject
At the time the message is sent, the following data are also stored:
- The user’s IP address
- Date and time of registration
During the sending process, your consent to the processing of the data is obtained and reference is made to this privacy policy.
Alternatively, contact is possible via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail are stored.
There is no disclosure of data to third parties in this context. The data are used exclusively for processing the conversation.
2. Legal basis for data processing
If the user has given consent, the legal basis for processing the data is Art. 6(1)(a) GDPR.
The legal basis for processing data transmitted in the course of sending an e-mail is Art. 6(1)(f) GDPR. If the e-mail contact aims at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.
3. Purpose of data processing
The processing of personal data from the input mask serves solely to process the contact request. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our IT systems.
4. Duration of storage
The data are erased as soon as they are no longer necessary for achieving the purpose for which they were collected. For the personal data from the contact form input mask and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed ended when it can be inferred from the circumstances that the relevant matter has been conclusively clarified.
The additional personal data collected during the sending process are erased no later than seven days after submission.
5. Right to object and removal
The user may revoke consent to the processing of personal data at any time. If the user contacts us by e-mail, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
You can inform us of your objection informally at any time using the contact details listed in Section I.
All personal data stored in the course of contacting us will then be deleted.
(The following paragraphs relate to social network “recommendation” buttons mentioned on some websites.)
(2) The recommendation buttons are provided by the operators of the social networks for integration into other websites. By embedding them in our web pages, a connection to the servers of the respective social network is established via cookies stored on your computer system. Even without clicking the recommendation button, your IP address is transmitted to the respective social network via this connection. You can prevent this by adjusting your browser settings (see Section 4).
(3) If you are logged into your profile with one of the social networks during your visit to our website, the operator of that network may collect and store further data about your visit to our website. If you do not want such an assignment, we recommend logging out of the social networks before visiting our website.
(4) We have no influence on the data collected and data processing operations, nor are we aware of the full extent of data collection, the purposes of processing or the storage periods. We also have no information regarding the deletion of data collected by the plug-in provider. The plug-in provider stores the data collected about you as usage profiles and uses them for advertising, market research and/or the needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact the respective plug-in provider.
Please refer to the respective operators of the social networks for information on the processing and use of your data. You can find the providers’ data protection notices and, where applicable, settings to protect your privacy here:
Addresses of the respective plug-in providers and URLs with their data protection notices:
(to be completed with the specific providers you use)
VII. Rights of the data subject
If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right of access
You can request confirmation from the controller as to whether personal data concerning you are being processed.
If such processing is taking place, you can request access to the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the envisaged period for which the personal data concerning you will be stored, or, if specific information is not possible, the criteria used to determine that period;
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) any available information as to the source of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR and—at least in those cases—meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to be informed whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
2. Right to rectification
You have the right to obtain from the controller the rectification and/or completion of inaccurate or incomplete personal data concerning you. The controller must make the correction without undue delay.
3. Right to restriction of processing
You may request the restriction of processing of personal data concerning you under the following conditions:
(1) you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims; or
(4) you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
a) Obligation to erase
You may request from the controller the erasure of personal data concerning you without undue delay and the controller is obliged to erase such data without undue delay where one of the following grounds applies:
(1) the personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(2) you withdraw consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and where there is no other legal ground for the processing;
(3) you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR;
(4) the personal data concerning you have been unlawfully processed;
(5) the personal data concerning you must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) the personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
b) Information to third parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure does not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR, in so far as the right referred to in section (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to be informed
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
(1) the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others shall not be adversely affected.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
In connection with the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
You may inform us of your objection to marketing at any time informally using the contact details stated in Section I.
8. Right to withdraw consent
You may withdraw your consent to the use of your data for advertising purposes at any time. You can send your withdrawal in writing or by e-mail to the above contact address. You may also unsubscribe on the respective platform of a specific service or via your customer account and thus withdraw your consent. If you unsubscribe only from individual services (e.g. a specific customer programme), your registrations for other services and any consent granted for corresponding advertising will remain valid.
Your withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
VIII. Disclaimer
Our web pages may contain links to the web pages of other providers to which this privacy policy does not extend.
The website contains links to external websites (“external links”). These websites are subject to the liability of the respective site operators. No legal violations were apparent at the time the external links were created. The provider has no influence on the current and future design of the linked pages. Constant monitoring of external links is not reasonable for the provider without concrete evidence of legal violations. If legal violations become known, the affected external links will be deleted immediately.