Privacy Policy - Data Protection
I. Name and address of the controller in charge for data processing
Controller in charge for data processing within the meaning of the EU-General Data Protection Regulation (GDPR) and all other relevant data protection laws is:
Orion Qubo Siegel u.Stanness GbR, trading as „ORION QUBO“
represented by its managing directors Verena Siegel and Peter Stanness
Lindenstr.230
40235 Düsseldorf
GERMANY
(hereinafter also referred to as: We/us)
Tel.: +49 (0)211 15848983
E-Mail: [email protected]
Websites: www.orion-qubo.com
II. General information on data processing
1. Scope of processing of personal data
We process and use personal data of our users and customers only, if this is allowed under applicable laws or if this is necessary for the purposes of providing you with functioning website and services, for the purposes of the performance and fulfilment of purchase contracts that are concluded in our online shop as well as for advertising purposes. Personal data are only processed if permitted by law or if you consented in the processing of your personal data.
2. Legal basis for data processing
If and to the extent that you have given consent to the processing of your personal data for one or more specific purposes, the legal basis for the processing is Art. 6 (1) lit. a GDPR.
If and to the extent that the processing is necessary for the performance of a contract to which you are party or in order to take steps at the request of you prior to entering a contract, the legal basis for the processing is Art. 6 (1) lit. b GDPR.
If and to the extent that processing is necessary for compliance with a legal obligation to which we are subject, the legal basis for the processing is Art. 6 (1) lit. c GDPR.
If and to the extent that processing is necessary in order to protect the vital interests of you or of another natural person, the legal basis for the processing is Art. 6 (1) lit. d GDPR.
If and to the extent processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data, in particular where the data subject is a child, the legal basis for the processing is Art. 6 (1) lit. f GDPR.
3. Deletion of data and storage period
The duration of the storage of personal data is determined by the respective legal retention period (e.g. commercial and tax retention periods). After expiry of this period, the corresponding data will be routinely deleted, provided they are no longer necessary for the performance or initiation of a contract and/or there is no longer any legitimate interest on our part in the further storage.
III. Logfiles when visiting our websites
(1) When using our websites for information only, i.e. if you do not register or otherwise provide us with information, information are automatically transmitted to us by your browser. We only collect the data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data as it is technically necessary for us to display the website to you:
- IP address (in anonymised form)
- Date and time at the moment of access
- Name and URL of our website
- Source/reference from which you came to the page
We process these data for the purposes of
- providing a stable connection to our website
- providing a comfortable use of our website
- analysing system security and stability of our website
(2) Data processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest of the purposes as listed above. The data will not be used to identify you as our user which is not possible anyway, as only anonymised IP addresses are being processed. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.
IV. Creation of a customer Account
1. Description and scope of data processing
In order to use our online-shopping services you have to set up a customer retailer account. Your registration of such a customer retailer account is subject to our approval. Once we have approved your registration you can easily access your personal data in your account without having these submitted to us each time you are purchasing items in our online-shop. When you create your account you type in your personal data in the respective form and submit these data to us. These personal data will be stored by us:
- first name, last name
- company
- address (for shipping and billing)
- Tax ID
- telephone number
- e-mail-address
- password (your choice - no access by us)
2. Purposes and legal basis for data processing
The processing of personal data when creating a customer account serves the purpose of entering and performing purchase contracts with you. Legal basis for the processing of personal data is Art. 6 (1) lit. b GDPR.
3. Duration of storage
The duration of the storage of personal data is determined by the respective legal retention period (e.g. commercial and tax retention periods), see No. II. 3. of this Privacy Policy.
4. Removal and revocation
As a registered customer you can cancel your customer account at any time with future effect. When you cancel your customer account we will delete your personal data with future effect, so that it will no longer be possible for you to use your account for purchases in our online-shop. The processing of personal data for purchase contracts that have been concluded through your customer account remains unaffected by a cancellation of your account, which means that we will continue to process such data, if necessary for the performance and fulfilment of contracts or if we are obligated to do so by law.
You can change or modify your personal data that have been stored for your customer account at any time, if your data are no longer up-to-date. You can correct or change your personal data in your password secured account by yourself.
V. Online-purchase contracts
1. Description and scope of data processing
For the performance and fulfilment of purchase contracts that are being concluded in our online-shop as well as for pre-contractual activities, it is necessary for us to process your personal data that have been processed, submitted and stored during the registration and approval of your customer retailer account. In the context of online purchases the following additional data are being processed:
- Date and time of your order
- Product data
2. Transfer of personal data for order processing purposes
a) Shipping
For shipping and delivery purposes of the products you have purchased in our online-shop we work together service companies whom we assign with the shipping of your products. We will pass on your name, delivery address and e-mail-address (solely for messages concerning the shipped item) to one of these service companies, as this is necessary for delivering your items and informing you on the delivery according to Art. 6 (1) lit. b GDPR. These service companies are obligated to handle your data confidentially and in accordance with applicable data protection laws.
b) Administrative and technical purposes
In order to provide a functioning infrastructure of our online-shops and to optimise our services for you we use the technical services of the onlineshop-platform „3dCart“ within our legitimate interests according to Art. 6 (1) lit. f GDPR. 3dCart provides us with an e-commerce-software, with which our online-shops are created and administrated. 3dCart is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.
According to 3dCart it collects Personal Information from our customers that we share with 3dCart or that such customers provide while registering for our website, browsing our website or during checkout on our website. 3dCart uses this information to provide us with its services to you, including supporting and processing orders, authentication and to improve the services. Further information on the processing of personal data by 3dCart can be found here: https://www.3dcart.com/privacy.html
3dCart is obligated to handle your data confidentially and in accordance with applicable data protection laws and processes data within the framework of a data processing commission agreement which clarifies that 3dCart may process personal data only for the purposes that are set out herein and only if the processing of personal data is permitted by law.
3. Legal basis for data processing and data transfer to third parties
The legal basis for data processing and data transfer to third parties as listed herein is Art. 6 (1) lit. b and lit. f GDPR.
4. Purposes of data processing and data transfer
The processing and transfer of the personal data mentioned herein is necessary for the conclusion, fulfilment and performance of contracts as well as steps at your request prior to entering into such contracts. Any personal data that are processed and transferred will only be used for the purposes that are set out herein.
5. Duration of storage, Removal and revocation
The duration of the storage of personal data is determined by the respective legal retention period (e.g. commercial and tax retention periods), see No. II. 3. of this Privacy Policy.
VI. Cookies and Google Analytics
1. Description and scope of data processing
In order to make your visit to our online-shop comfortable and to enable the use of certain functions, we and our service partners use so-called cookies. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data as well as IP addresses. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. Cookies are also used to simplify the submittal process by saving settings. If personal data are also processed by cookies, the processing is carried out in accordance with Art. 6 (1) point b GDPR either for the execution of the contract or in accordance with Art. 6 (1) point f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
Cookies help us to save and process the following data:
- content of your shopping cart
- log-in information of the user/account settings
Please note that you can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.
When you visit our website you will be informed of the use of cookies by a info banner which also allows you to accept or decline certain cookies.
2. Legal basis for data processing
The legal basis for the processing of personal data in context of the use of cookies and Google Analytics is Art. 6 (1) lit. f GDPR.
3. Purposes of data processing
We use cookies and Google Analytics to analyse and optimise our online-shops in a user-friendly way as well as for the following purposes:
- Ensuring the security in our online-shops
- Statistic purposes, especially analysing the range of our online-shops
- Optimising our online-services
These purposes are legitimate interests to process personal data within the meaning of Art. 6 (1) lit. f GDPR.
We do not use personal data generated by cookies and Google Analytics to create identifiable user profiles. Some functions of our websites cannot be provided without the use of necessary cookies.
4. Duration of storage, Removal and revocation
Cookies are stored on the computer or mobile device of the user and are transmitted to us by your computer or mobile device. Therefore you have control over the use of cookies. By changing your settings in your internet browser or by individual setting in our cookie banner you can block, deactivate or restrict the use of cookies. Cookies that have already been stored can be deleted at any time, even automatically by changing your settings. If cookies are blocked, deactivated or restricted, certain functions of our websites may not be used to the full extent.
VII. Newsletter
1. Description and scope of data processing
If you subscribe to our free e-mail newsletter, we will send you regular information about our products and services. The only mandatory information for sending the newsletter is your valid e-mail address. The indication of additional possible data is voluntary and is used to be able to address you personally. We use an opt-in procedure for sending the newsletter. This means that we will not send you an e-mail newsletter, unless you have expressly confirmed to us that you agree to the sending of the newsletter.
When you purchase items in our online-shop and you give us your e-mail address and confirm to us that you want to receive news and offers via e-mail, we can use your e-mail address for these purposes. In these cases we will only use your e-mail address to send news and offers to you for similar Orion Qubo products and services.
When you register for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration so that we can trace any possible misuse of your e-mail address at a later time.
For the purpose of sending newsletters we use the third-party service "MailChimp", a newsletter platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The e-mail addresses of our newsletter recipients, as well as their other data described in this notice, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send the newsletters on our behalf. Furthermore MailChimp may use this data according to its own information to optimize or improve its own services, e.g. for technical optimization of sending and presentation of the newsletters or for economic purposes to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them or pass them on to third parties.
MailChimp is certified under the US-EU data protection agreement "Privacy Shield" and is committed to comply with the EU data protection regulations. Furthermore, we have concluded a "Data-Processing-Agreement" with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process it on our behalf according to its data protection regulations and in particular not to pass it on to third parties. Further information on the processing of personal data by MailChimp can be found here: https://mailchimp.com/legal/privacy/
2. Legal basis for data processing
By activating the confirmation link of your newsletter subscription, you give us your consent to the use of your personal data in accordance with Art. 6 (1) lit. a GDPR. Legal basis for the use of your e-mail address for advertising mails when you have purchased items in our online-shop is § 7 (3) Gesetz gegen den unlauteren Wettbewerb (UWG).
3. Purposes of data processing
The data collected by us when registering for the newsletter will be used exclusively for the purpose of notification by means of the newsletter.
4. Duration of storage
After your cancellation, your e-mail address will immediately be deleted from our newsletter distribution list.
5. Removal and revocation
You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to us.
VIII. Contact
We provide information on how to get in contact with us on our website. In the context of contacting us (e.g. via e-mail), personal data is collected and stored:
- name
- e-mail-address
- your inquiry/message/question (formulated individually by you)
These data are stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration. In this context no personal data are transferred to third parties.
(2) The legal basis for processing data is our legitimate interest in responding to your request in accordance with Art. 6 (1) point f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) point b GDPR.
(3) Your data will be deleted after final processing of your inquiry; this is the case if it can be inferred from the circumstances that the facts in question have been finally clarified, provided that there are no legal storage obligations to the contrary.
IX. Social Media
You can also visit us on the social media platforms:
On these platforms we inform users and customers about our products and services. For the processing of personal data on these platforms the terms of service and privacy policy of the company that is operating these platforms apply. We do not have an influence on the processing of personal data on these platforms. If you use these platforms to get in contact with us we will only use your personal data to communicate with you.
X. Rights of the data subject
If your personal data are being processed, you are „data subject“ within the meaning of the GDPR and you have the following rights towards the controller of your data:
1. Right of information
Pursuant to Art. 15 GDPR you shall have the right to obtain information from the controller as to whether or not personal data concerning you are being processed, and, where that is the case, access to personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling as well as - if applicable - meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2. Right of rectification
Pursuant to Art. 16 GDPR you shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you or the right to have incomplete personal data completed.
3. Right of erasure
Pursuant to Art. 17 GDPR you shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay, unless that processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, for reasons of public interest or for the establishment, exercise or defence of legal claims.
4. Right to restriction of processing
Pursuant to Art. 18 GDPR you shall have the right to obtain from the controller restriction of processing where one of the following applies: the accuracy of the personal data is contested by you for a period enabling the controller to verify the accuracy of the personal data; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; the controller no longer needs the personal data for the purposes of processing but they are required by you for the establishment, exercise or defence of legal claims; you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of you.
5. Right to data portability
Pursuant to Art. 20 GDPR you shall have the right to receive the personal data concerning you which you have provided to the controller in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided where the processing is based on consent and is carried out by automated means.
6. Right of withdrawal
Pursuant to Art. 7 (3) GDPR you shall have the right to withdraw your consent for the processing of personal data at any time with the consequence that we may not continue with the processing which was based on your consent.
7. Right to lodge a complaint
Pursuant to Art. 77 GDPR you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, place of the alleged infringement or controller‘s residence.
8. Right to object
Pursuant to Art. 21 GDPR you shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Art. 6 (1) GDPR or where personal data are processed for direct marketing purposes in which case your right to object has to be respected by the controller irrespective of grounds relating to your particular situation.
Please contact us, if you want to exercise your rights in connection with the processing of your personal data or if you have any data related questions or inquiries.
XI. Data security
We solely use data transmission services that offer high security standards to protect the transmission of personal data and other confidential information against loss, alteration and misuse. We and our service partners endeavour to comply with high security standards in order to protect your data. If such data are being transmitted we are using encrypted services. You can recognize an encrypted connection by the character string https:// and the lock symbol in your browser line.
1st April 2020