We, Dobernut, as the operator of the dobernut.com website, are the responsible party for processing the personal data of our users and customers.
Personal data is information about an identified or identifiable natural person. This includes all information about your identity, such as your name, your e-mail address, your postal address, or online identifiers such as your IP address or device ID. Information that cannot be linked to your identity – such as statistical data, for example on the number of users of the online service – is not considered personal data.
In principle, you can use our website without disclosing your identity and without providing personal data. We will then only collect general information about your visit to our online service. For some of the services offered, however, personal data is collected from you. This data will then only be processed by us for the purpose of using this online service, in particular for providing the requested information.
An automated decision-making process based on your personal data does not take place in connection with the use of our online services.
Processing of personal data
Your information is stored by us on specially protected servers within the UK and the European Economic Area. These are protected by technical and organisational measures against loss, destruction, access, modification, or distribution of your data by unauthorised persons. Access to your data is only possible for a few authorised persons. These are responsible for the technical, commercial or editorial maintenance of the servers. Despite regular checks, however, complete protection against all dangers is not possible.
Your personal data is transmitted over the Internet in encrypted form. We use SSL encryption (Secure Socket Layer) for data transmission.
Disclosure of personal data to third parties
As a matter of principle, we only use your personal data to provide the services you have requested. Insofar as external service providers are used by us in the context of providing the service, their access to the data is exclusively for the purpose of providing the service. We take technical and organisational measures to ensure compliance with data protection regulations and also oblige our external service providers to do the same.
Furthermore, we do not pass on data to third parties without your express consent, in particular not for advertising purposes. Your personal data will only be passed on if you yourself have consented to the data being passed on or if we are entitled or obliged to do so on the basis of statutory provisions and/or official or court orders. In particular, this may involve the disclosure of information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.
Insofar as we transfer your personal data ourselves or through service providers to countries outside the UK or the European Economic Area, we comply with the special provisions of the DPA and the GDPR. We will as such only transfer your data to countries outside the UK or the European Economic Area if the level of protection guaranteed by the DPA and the GDPR. This level of protection is guaranteed in particular by an adequacy decision or by suitable guarantees pursuant to Art. 46 of the GDPR.
Legal basis for data processing
Insofar as we obtain consent for the processing of your personal data, Art. 6 (1) a) GDPR serves as the legal basis for the data processing.
Insofar as we process your personal data because this is necessary for the performance of a contract or in the context of a relationship with you similar to a contract, Art. 6 (1) b) GDPR serves as the legal basis for the data processing.
Insofar as we process your personal data for the fulfilment of a legal obligation, Art. 6 (1) c) GDPR serves as the legal basis for the data processing.
Furthermore, Art. 6 (1) f) GDPR serves as the legal basis for data processing if the processing of your personal data is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not require the protection of personal data.
Data deletion and storage period
We always delete or block your personal data when the purpose for storing it no longer applies. However, data may be stored beyond this if this is provided for by legal requirements to which we are subject, for example with regard to statutory storage and documentation obligations. In such a case, we will delete or block your personal data after the end of the corresponding requirements.
Use of our online services
a) Information about your computer or device
Each time you access our website, we collect the following information about your computer or device, the IP address of your computer, the request of your browser and the time of this request. In addition, the status and the amount of data transferred are recorded as part of this request. We also collect product and version information about the browser used and the computer’s operating system. We also record the website from which our website was accessed.
The IP address of your computer or device is only stored for the time of use of our website and is then deleted or anonymised by shortening it. The remaining data is stored for a limited period of time. We use this data for the operation of our website, in particular to detect and eliminate errors, to determine the utilisation of our website and to make adjustments or improvements. These purposes are also our legitimate interest in data processing according to Art. 6 (1) f) GDPR, which is the legal basis for this processing.
Cookies are used for our website – as is the case on many websites. Cookies are small text files that are stored on your computer or device and save certain settings as well as data for exchange with our website via your browser. A cookie usually contains the name of the domain from which the cookie file was sent, information about the age of the cookie and an alphanumeric identifier.
Cookies enable us to recognise your computer or device and make any preferences immediately available.
For some functions on our website, we make use of services from third-party providers. The corresponding services are mainly optional functions that must be explicitly selected or used by you.
The legal basis for the associated data processing, including any data transfer, is in each case your consent within the meaning of Art. 6 (1) a) GDPR. Once given, consent can be revoked at any time with effect for the future, in particular by changing the selected settings.
The legal basis for the use of necessary cookies is our legitimate interest in the proper provision of our website within the meaning of Art. 6 (1) f) GDPR as well as – insofar as contracts are concluded or fulfilled via our website – the fulfilment of the contract within the meaning of Art. 6 (1) b) GDPR.
c) Order processing
We only use your personal data when you place an order within our company and affiliated companies as well as with the company commissioned with the processing of orders.
For order processing, we work together with various companies that are responsible for payment processing and logistics. We ensure that our partners also comply with all applicable data protection regulations.
For example, we pass on your address data (name and address) to the respective transport company that delivers the ordered products to you. The legal basis for this is Art. 6 (1) b) GDPR. The processing of your personal data is necessary for the fulfilment of the contract with you.
Within the framework of the legal requirements, it may also be possible for us to use the contact data provided in the context of the order to send you advertising by e-mail or by post, even without your express consent. You can find more information on this under the heading “Newsletter”.
The data will be stored by us for as long as it is required for the fulfilment of the contract. In addition, we store this data for the fulfilment of post-contractual obligations and due to retention periods under commercial and tax law for the period prescribed by law. This retention period is usually 6 years to the end of the respective calendar year.
d) Online Payment, Secure data transmission and Credit card information
Payment by credit card and SEPA direct debit is made via the payment service provider “Stripe”, to which we pass on your mandatory details (e-mail address) provided during the checkout, in accordance with Art. 6 (1) b) GDPR for payment processing. Your data will only be passed on for the purpose of payment processing with the payment service provider Stripe and only insofar as it is necessary for this purpose (data protection Stripe). Information on the service provider: Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland.
ii) Google Pay
The provider of Google Pay is Google INC. If a data subject selects Google Pay for payment processing, we will transmit the payment details a data subject provided to us during the ordering process to complete the order. The subsequent payment process takes place exclusively via Google Pay, without us having any further possibility to influence it and the legal basis is Art. 6 (1) b) GDPR for payment processing.
e) Communication with us
You can contact us in various ways, including via the contact form on our website. In addition, we will be happy to inform you regularly by e-mail with our newsletter.
If you wish to use the contact form on our website, we will collect the personal data that you enter in the contact form, in particular your name and e-mail address. We also store the IP address and the date and time of the enquiry. We process the data transmitted via the contact form exclusively for the purpose of being able to answer your enquiry or your request.
You can decide for yourself what information you send us via the contact form. The legal basis for the processing of your data is your consent in accordance with Art. 6 (1) a) GDPR. After we have processed the matter, the data will initially be stored in case of any queries. Deletion of the data can be requested at any time, otherwise the data will be deleted after the matter has been fully dealt with; statutory storage obligations remain unaffected in each case.
When you register for our newsletter, your e-mail address will be used for our own advertising purposes until you unsubscribe. For this purpose, you will receive regular information by e-mail on current topics as well as e-mails for special occasions, for example special promotions. The e-mails may be personalised and individualised based on the information we have about you.
To register for our newsletter, we use the so-called double opt-in procedure, unless you have given us your consent in writing, i.e., we will only send you a newsletter by e-mail if you have previously expressly confirmed that you want us to activate the newsletter dispatch. For this purpose, we will send you a notification e-mail in which we ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this e-mail.
The legal basis for the processing of your data is your consent in accordance with Art. 6 (1) a) GDPR if you have expressly registered for the newsletter. Within the framework of the legal requirements, it may also be possible that you receive newsletters, satisfaction surveys or other promotional approaches from us by e-mail or by post without express consent because you have ordered goods or services from us, we have received your e-mail address in this context, and you have not objected to receiving information by e-mail. The advertising content is limited to similar goods or services to those already ordered. In this case, the legal basis is our legitimate interest in transmitting direct advertising in accordance with Art. 6 (1) f) GDPR.
If you do not wish to receive any more newsletters from us, you can revoke your consent at any time with effect for the future or object to further receipt of the newsletter without incurring any costs other than the transmission costs according to the basic rates. Simply use the unsubscribe link contained in every newsletter or send a message to us.
g) Product recommendations by e-mail
We use the e-mail address you provide in connection with your purchase in our online shop for direct advertising for our own similar offers. You will receive these product recommendations regardless of whether you have subscribed to our newsletter. In this way, we want to send you information about products from our range that may be of interest to you based on your previous purchases in our online shop.
If you do not wish to receive these product recommendations, you can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. A notification in text form to the contact details mentioned above is sufficient. Alternatively, you can also use the unsubscribe link contained in every e-mail.
h) Individually tailored offers
We want to provide you with offers that are as individual as possible. We therefore use the information you provide and which is automatically generated when you visit our website to design advertising tailored to you and your interests. For this purpose, we use existing information such as your purchase history, confirmations of receipt and reading of e-mails, date and time of your visit to our website, products you have viewed.
By analysing and evaluating this information, we are able to send you advertising tailored to your individual interests. We want to make our advertising as useful and interesting as possible for you. You will therefore receive advertisements such as newsletters or mailings that correspond to your interests.
Third Party Services
a) Google Analytics
We use Google Analytics, a service provided by Google Inc. This means that the data collected can in principle be transmitted to a Google server in the USA, whereby the IP addresses are anonymised by means of IP anonymisation so that an allocation is not possible. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can object to the collection and processing of this data by Google Analytics by setting an opt-out cookie that prevents the future collection of your data when you visit this website: http://tools.google.com/dlpage/gaoptout?hl=en.
b) Google Tag Manager
We use Google Tag Manager, a web analytics service provided by Google, Inc. (“Google”). This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. No cookies are set, and no personal data is collected. The Google Tag Manager triggers other tags that may collect data. The Google Tag Manager does not access this data.
If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager. More information on the Google Tag Manager can be found at the following link: http://www.google.com/tagmanager/use-policy.html. This service transmits data to the USA.
c) Facebook Remarketing
Within our website, so-called “Facebook pixels” of the social network Facebook, which is operated by Meta Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), are used. With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our offer as a target group for the display of advertisements, so-called “Facebook ads”. Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our website. This means that with the help of the Facebook pixel we want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad.
The Facebook pixel is directly integrated by Facebook when our web sites are accessed and can save a so-called cookie, i.e., a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our website will be noted in your profile. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible. The processing of the data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, you can find more information on how the remarketing pixel works and generally on the display of Facebook ads, in Facebook’s data usage policy: https://www.facebook.com/policy.php
You can object to the collection by the Facebook pixel and use of your data for the display of Facebook ads. To do so, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads or declare the objection via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent. The settings are platform-independent, i.e., they are applied to all devices, such as desktop computers or mobile devices.
d) Google reCAPTCHA
We use “Google reCAPTCHA” on our websites. The provider is Google Inc. The purpose of reCAPTCHA is to check whether the data input on our websites is made by a human being or by an automated programme, and reCAPTCHA also protects our users from SPAM when using the message function. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. We have a legitimate interest in protecting our offers from abusive automated spying and our users from SPAM.
e) Google AdSense
We use Google AdSense, a web advertising service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google AdSense uses so-called “DoubleClick DART Cookies” (“Cookies”). In addition, Google AdSense also uses so-called “web beacons” (small invisible graphics) to collect information, through the use of which simple actions such as user traffic on our online offer can be recorded, collected and evaluated. The information generated by the cookie and/or web beacon (including your IP address) about your visit to this website will be transmitted to and stored by Google on servers in the United States.
Google uses the information thus obtained to carry out an evaluation of user behaviour with regard to the AdSense ads. The IP address transmitted by your browser as part of Google AdSense will not be merged with other Google data. The information collected by Google may be transferred to third parties where required to do so by law, and/or where such third parties process the information on Google’s behalf.
This service transmits data to the USA. The transmission takes place exclusively on the basis of your consent pursuant to Art. 49 Para. 1 lit. a GDPR. You give your consent by making the appropriate selection in the consent management tool, which is displayed when you call up our site. You can view and adjust your data protection settings here at any time.
Of course, you have rights with regard to the collection of your data, which we are pleased to inform you of herewith. If you would like to make use of one of the following free rights, a simple message to us will suffice. For your own protection, we reserve the right, in the case of an existing enquiry, to obtain further information necessary to confirm your identity and, if identification is not possible, to refuse to process the enquiry.
a. Right to information
You have the right to request information and/or copies of the personal information stored about you.
b. Right to rectification
You have the right to request that personal information relating to you be corrected and/or completed without delay.
c. Right to object to processing
You have the right to request the restriction of the processing of your personal information, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing.
d. Right to deletion
You have the right to request the erasure of your personal information stored by us, unless the exercise of the right to freedom of expression and information, the processing is necessary for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
e. Right to information
Where you have exercised the right to rectification, erasure or restriction of processing, we will notify all recipients to whom personal information relating to you has been disclosed of such rectification or erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.
f. Right to data portability
You have the right to have personal information that you have provided to us handed over to you or to a third party in a structured, common and machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
g. Right of objection
Insofar as your personal information are processed on the basis of legitimate interests (Art. 6 (1) (f) GDPR), you have the right to object to the processing at any time (Art. 21 (1) GDPR).
If we process your data for the purpose of direct marketing, you have the right to object at any time to the processing of personal information concerning you for the purpose of such marketing (Art. 21 (2) GDPR); this also applies to profiling insofar as it is related to such direct marketing.
h. Right to withdraw consent
You have the right to cancel your consent to the collection of data at any time with effect for the future. The data collected until the cancellation becomes legally effective will remain unaffected. Please understand that the implementation of your cancellation may take a little time for technical reasons and that you may still receive messages from us in the meantime.
i. Right to complain to a supervisory authority
If the processing of your personal information violates data protection law or if your data protection rights have otherwise been violated in any way, you may complain to the supervisory authority.
You can also exercise your rights of rectification and deletion most quickly, easily and conveniently by logging into your customer account and directly editing or deleting your data stored there.
j. Automated decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.
The supervisory authority
The Information Commissioner’s Office (ICO) in the UK is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Objection to processing
If you object to the processing of your data for advertising purposes or wish to revoke a granted consent, a short message, using our contact form is sufficient at any time. You can unsubscribe from the e-mail newsletter particularly easily by clicking on the unsubscribe link in the newsletter. Your data will then no longer be processed for corresponding advertising purposes.
The lawfulness of the processing carried out until the objection or revocation remains unaffected by this.
After your objection to the processing of your personal data for advertising purposes or the revocation of your consent, we are obliged under data protection law, in accordance with the requirements of the German data protection supervisory authorities, to include the data required for this purpose (name, address, e-mail address) in our internal advertising blacklist and to store (block) it permanently – for this purpose only – and to use it for matching with our future advertising files (Art.21 para. 3, Art.17 para. 3b, Art. 6 para. 1c, f GDPR). In this way, compliance with your advertising objection or revocation of your consent can be permanently ensured.
How can you exercise your data protection rights?
If you have any questions about the processing of your personal data by us, we will of course be happy to provide you with information about the data concerning you (Art. 15 GDPR).
In addition, you have the right to rectification (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and objection (Art. 21 GDPR) if the legal requirements are met. You also have the right to data portability (Art. 20 GDPR). In all these cases, please contact using our contact form.
Existence of automated decision-making
As a responsible company, we do not use automated decision-making or profiling.
For security reasons, this site uses TLS/SSL encryption. You can recognise this encrypted connection by the fact that the address line of the browser changes from “http://” to “https://”, as well as by the lock symbol in your browser line. If encryption is activated, data that you transmit to us cannot be read by third parties.
Data of Children
Persons under the age of 18 are not permitted to transmit personal data to us or to submit a declaration of consent without the consent of their legal guardians. We encourage parents and guardians to actively participate in the online activities and interests of their children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.