Datenschutzerklärung

The website of Sprinz & Neumann GbR collects a range of general data and information with each access to the website by an affected person or an automated system. This general data and information are stored in the server's log files. The following can be collected: (1) types and versions of the browsers used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to prevent dangers in the event of attacks on our information technology systems.

In using this general data and information, Sprinz & Neumann GbR does not draw conclusions about the affected person. Rather, this information is required to (1) deliver the contents of our website correctly, (2) optimize the contents of our website as well as the advertisements for it, (3) ensure the permanent functionality of our information technology systems and the technology of our website, and (4) provide law enforcement agencies with the necessary information for prosecution in the event of a cyberattack. The anonymized data and information collected in this way are evaluated statistically and further with the aim of increasing data protection and data security in our company to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data from the server log files are stored separately from all personal data provided by an affected person.

5. Registration on our website

The affected person has the option to register on the website of the controller responsible for processing by providing personal data. The personal data transmitted to the controller can be derived from the respective input mask used for registration. The personal data entered by the affected person are collected and stored exclusively for internal use by the controller and for its own purposes. The controller may instruct the transfer to one or more processors, such as a package service provider, who also uses the personal data exclusively for internal purposes attributable to the controller.

By registering on the website of the controller, the IP address assigned by the affected person's Internet service provider (ISP), the date, and the time of registration are also stored. The storage of this data is based on the fact that only in this way can the misuse of our services be prevented, and these data enable the clarification of committed crimes if necessary. Therefore, the storage of this data is necessary to secure the controller. A transfer of this data to third parties generally does not occur unless there is a legal obligation to transfer or the transfer serves law enforcement purposes.

The registration of the affected person with voluntary provision of personal data serves the controller to offer the affected person contents or services that can only be offered to registered users due to the nature of the matter. Registered persons are free to modify the personal data provided during registration at any time or to request the complete deletion of their data from the database of the controller.

The controller provides each affected person with information upon request at any time regarding which personal data concerning them are stored. Furthermore, the controller corrects or deletes personal data at the request or notice of the affected person, as long as there are no legal retention obligations to the contrary. All employees of the controller are available to the affected person as points of contact in this context.

6. Contact possibility via the website

The website of Sprinz & Neumann GbR contains information due to legal regulations that enables quick electronic contact to our company as well as direct communication with us, which also includes a general address of the so-called electronic mail (email address). If an affected person contacts the controller via email or a contact form, the personal data transmitted by the affected person will be stored automatically. Such personal data provided voluntarily by an affected person to the controller will be stored for the purpose of processing or contacting the affected person. There is no transfer of this personal data to third parties.

7. Routine deletion and blocking of personal data

The controller processes and stores personal data of the affected person only for the period necessary to achieve the storage purpose or as provided by the European directives and regulations or another legislator in laws or regulations to which the controller is subject.

If the storage purpose ceases to apply or if a storage period prescribed by the European directives and regulations or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with legal regulations.

8. Rights of the affected person

a) Right to confirmation
Every affected person has the right granted by the European directives and regulations to request confirmation from the controller as to whether personal data concerning them are being processed. If an affected person wishes to exercise this right to confirmation, they can contact any employee of the controller at any time.

b) Right to access
Every affected person whose personal data are processed has the right granted by the European directives and regulations to obtain at any time from the controller free information about the personal data concerning them and a copy of this information. Furthermore, the European directives and regulations grant the affected person access to the following information:

• the purposes of processing
• the categories of personal data that are processed
• the recipients or categories of recipients to whom the personal data have been disclosed or will be disclosed, especially recipients in third countries or international organizations
• the planned duration for which the personal data will be stored, or, if not possible, the criteria for determining this duration
• the existence of a right to rectification or deletion of personal data concerning them or to restriction of processing by the controller or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• if the personal data are not collected from the affected person: all available information about the source of the data
• the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) GDPR and — at least in these cases — meaningful information about the logic involved, as well as the significance and the intended effects of such processing for the affected person

Furthermore, the affected person has the right to inquire whether personal data have been transferred to a third country or to an international organization. If this is the case, the affected person also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If an affected person wishes to exercise this right to access, they can contact any employee of the controller at any time.

c) Right to rectification
Every affected person whose personal data are processed has the right granted by the European directives and regulations to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the affected person has the right to request the completion of incomplete personal data — also by means of a supplementary statement — taking into account the purposes of processing.

If an affected person wishes to exercise this right to rectification, they can contact any employee of the controller at any time.

d) Right to deletion (right to be forgotten)
Every affected person whose personal data are processed has the right granted by the European directives and regulations to request from the controller the immediate deletion of personal data concerning them if one of the following reasons applies and as long as the processing is not necessary:

• The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
• The affected person revokes their consent on which the processing is based in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and there is no other legal basis for processing.
• The affected person objects to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate grounds for processing, or the affected person objects to the processing in accordance with Article 21 (2) GDPR.
• The personal data have been unlawfully processed.
• The deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the member states to which the controller is subject.
• The personal data were collected in relation to the services of the information society offered in accordance with Article 8 (1) GDPR.

If one of the above reasons applies and an affected person wishes to request the deletion of personal data stored by S & N Textilhandel Sprinz & Neumann GbR, they can contact any employee of the controller at any time. The employee of S & N Textilhandel Sprinz & Neumann GbR will ensure that the deletion request is complied with immediately.

If the personal data have been made public by Sprinz & Neumann GbR and our company is obliged to delete the personal data as the controller in accordance with Article 17 (1) GDPR, Sprinz & Neumann GbR will take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform other controllers that process the published personal data that the affected person has requested deletion of all links to these personal data or of copies or replications of these personal data, as long as the processing is not necessary. The employee of Sprinz & Neumann GbR will take the necessary actions in each case.

e) Right to Restriction of Processing
Every person affected by the processing of personal data has the right granted by the European directive and regulation to request the restriction of processing from the controller if one of the following conditions is met:

1. The accuracy of the personal data is contested by the data subject for a duration that allows the controller to verify the accuracy of the personal data.
2. The processing is unlawful, and the data subject opposes the deletion of the personal data and instead requests the restriction of its use.
3. The controller no longer needs the personal data for processing purposes, but the data subject requires it for the assertion, exercise, or defense of legal claims.
4. The data subject has objected to the processing according to Article 21 (1) GDPR, and it has not yet been determined whether the legitimate grounds of the controller override those of the data subject.

If any of the above conditions are met and a data subject wishes to request the restriction of personal data stored at S & N Textilhandel Sprinz & Neumann GbR, they can contact an employee of the data controller at any time. The employee of S & N Textilhandel Sprinz & Neumann GbR will initiate the restriction of processing.

f) Right to Data Portability
Every person affected by the processing of personal data has the right granted by the European directive and regulation to receive their personal data provided to a controller in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent according to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract according to Article 6 (1) (b) GDPR and the processing is carried out using automated processes, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, the data subject has the right, when exercising their right to data portability according to Article 20 (1) GDPR, to request that the personal data be transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

To assert the right to data portability, the data subject can contact an employee of Sprinz & Neumann GbR at any time.

g) Right to Object
Every person affected by the processing of personal data has the right granted by the European directive and regulation to object at any time to the processing of personal data concerning them, based on reasons relating to their particular situation, when such processing is carried out pursuant to Article 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.

In the event of an objection, Sprinz & Neumann GbR will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing is necessary for the establishment, exercise, or defense of legal claims.

If Sprinz & Neumann GbR processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing purposes. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to the processing of their personal data for direct marketing purposes, Sprinz & Neumann GbR will no longer process the personal data for these purposes.

Additionally, the data subject has the right to object for reasons relating to their particular situation to the processing of personal data concerning them carried out by Sprinz & Neumann GbR for scientific or historical research purposes or for statistical purposes according to Article 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject can directly contact any employee of Sprinz & Neumann GbR or another employee. Furthermore, the data subject is free to exercise their right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures where technical specifications are used.

h) Automated Individual Decisions Including Profiling
Every person affected by the processing of personal data has the right granted by the European directive and regulation not to be subject to a decision based solely on automated processing — including profiling — that produces legal effects concerning them or similarly significantly affects them, unless the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is permitted by Union or Member State laws to which the controller is subject and which also provide for appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or (3) is based on the explicit consent of the data subject.

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller or (2) is based on the explicit consent of the data subject, Sprinz & Neumann GbR will implement appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain intervention by a person on the part of the controller, to express their point of view, and to contest the decision.

If the data subject wishes to assert rights concerning automated decisions, they can contact an employee of the controller at any time.

i) Right to Withdraw Consent for Data Processing
Every person affected by the processing of personal data has the right granted by the European directive and regulation to withdraw their consent to the processing of personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they can contact an employee of the controller at any time.

9. Data Protection Provisions Regarding the Use and Application of Google Analytics (with Anonymization Function)
The controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analytics service collects data about, among other things, the website from which a data subject has come to a website (the so-called referrer), which subpages of the website have been accessed, and how often and for how long a subpage has been viewed. Web analytics is primarily used to optimize a website and for cost-benefit analysis of online advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The controller uses the "_gat._anonymizeIp" add-on for web analysis via Google Analytics. This add-on shortens and anonymizes the IP address of the internet connection of the data subject when accessing our websites from a member state of the European Union or from another contracting state of the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze visitor flows on our website. Google uses the data and information obtained for various purposes, including evaluating the use of our website, compiling online reports that show the activities on our websites, and providing additional services related to the use of our website.

Google Analytics places a cookie on the data subject's information technology system. Cookies are explained above. By setting the cookie, Google enables an analysis of the use of our website. With each call of one of the individual pages of this website operated by the controller, on which a Google Analytics component has been integrated, the internet browser on the data subject's information technology system is automatically prompted by the respective Google Analytics component to transmit data for the purpose of online analysis to Google. Within the framework of this technical procedure, Google becomes aware of personal data, such as the IP address of the data subject, which Google uses, among other things, to trace the origin of visitors and clicks and to subsequently enable commission settlements.

Using the cookie, personal information is stored, such as the time of access, the location from which access originated, and the frequency of visits to our website by the data subject. Each time our websites are visited, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through this technical procedure with third parties.

The data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting of the web browser used and thereby permanently object to the setting of cookies. Such a setting of the web browser used would also prevent Google from setting a cookie on the data subject's information technology system. In addition, any cookie already set by Google Analytics can be deleted at any time through the web browser or other software programs.

Furthermore, the data subject has the option to object to the collection of data generated by Google Analytics related to the use of this website and to the processing of this data by Google and to prevent such processing. To do this, the data subject must download and install a browser add-on at the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information regarding visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered a contradiction by Google. If the data subject’s information technology system is deleted, formatted, or reinstalled at a later date, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or by another person attributable to their sphere of control, there is the possibility of reinstalling or reactivating the browser add-on.

Further information and the applicable data protection provisions of Google can be accessed at

11. Payment Method: Data Protection Provisions for PayPal as a Payment Method

The controller has integrated components from PayPal on this website. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which represent virtual personal or business accounts. Additionally, PayPal allows for virtual payments via credit cards if a user does not maintain a PayPal account. A PayPal account is managed through an email address, which is why there is no traditional account number. PayPal enables online payments to third parties or the receipt of payments. PayPal also takes on trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the affected person selects "PayPal" as the payment option during the order process in our online shop, data from the affected person will be transmitted to PayPal automatically. By choosing this payment option, the affected person consents to the transmission of personal data necessary for payment processing.

The personal data transmitted to PayPal typically includes first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. Personal data that are necessary for the fulfillment of the purchase contract, which are related to the respective order, are also included.

The purpose of the data transmission is payment processing and fraud prevention. The controller will transmit personal data to PayPal particularly when there is a legitimate interest for the transmission. The personal data exchanged between PayPal and the controller may be transmitted by PayPal to credit reporting agencies. This transmission serves the purpose of identity and credit verification.

PayPal may also forward personal data to affiliated companies and service providers or subcontractors, as far as this is necessary for the fulfillment of contractual obligations or the data is to be processed on behalf.

The affected person has the option to revoke consent for the handling of personal data at any time towards PayPal. A revocation does not affect personal data that must be processed, used, or transmitted for (contractual) payment processing.

The applicable data protection provisions of PayPal can be accessed at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

12. Legal Basis for Processing

Art. 6 I lit. a GDPR serves as the legal basis for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfillment of a contract to which the affected person is a party, such as in processing operations necessary for the delivery of goods or the provision of other services or considerations, the processing is based on Art. 6 I lit. b GDPR. The same applies to processing operations necessary for the performance of pre-contractual measures, such as in cases of inquiries regarding our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as to fulfill tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, processing personal data may be necessary to protect vital interests of the affected person or another natural person. This would be the case, for example, if a visitor were to be injured in our establishment and subsequently their name, age, health insurance data, or other vital information needed to be disclosed to a doctor, a hospital, or other third parties. In this case, the processing would be based on Art. 6 I lit. d GDPR. Ultimately, processing operations may be based on Art. 6 I lit. f GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases, if the processing is necessary for the protection of legitimate interests of our company or a third party, provided that the interests, fundamental rights, and freedoms of the affected person do not outweigh them. Such processing operations are particularly permitted to us because they have been specifically mentioned by the European legislator. In this context, it was the view that a legitimate interest could be assumed if the affected person is a customer of the controller (Recital 47 Sentence 2 GDPR).

13. Legitimate Interests in Processing Pursued by the Controller or a Third Party

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is to conduct our business activities for the benefit of the well-being of all our employees and our shareholders.

14. Duration for Which Personal Data Are Stored

The criterion for the duration of storage of personal data is the respective statutory retention period. After expiration of the period, the corresponding data will be routinely deleted, provided they are no longer necessary for contract fulfillment or initiation.

15. Legal or Contractual Provisions for the Provision of Personal Data; Necessity for Contract Conclusion; Obligation of the Affected Person to Provide Personal Data; Possible Consequences of Non-Provision

We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or may arise from contractual regulations (e.g., information about the contracting partner). In some cases, it may be necessary to provide personal data in order to conclude a contract, which must then be processed by us. The affected person is, for example, obligated to provide us with personal data if our company enters into a contract with them. Non-provision of personal data would result in the contract with the affected person not being concluded. Before providing personal data, the affected person must contact one of our employees. Our employee will clarify on a case-by-case basis whether the provision of personal data is legally or contractually required or necessary for the conclusion of the contract, whether there is an obligation to provide personal data, and what the consequences of non-provision of personal data would be.

16. Existence of Automated Decision-Making

As a responsible company, we refrain from automated decision-making or profiling.

This privacy policy was created using the privacy policy generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which operates as an external data protection officer in Cologne, in cooperation with the Cologne lawyer for data protection law, Christian Solmecke.

If you need any further assistance or modifications, feel free to ask!