- Polychromos →
We take the protection of your personal data very seriously. Data are “processed” by us in accordance with the applicable legal data protection regulations, in particular according to the European General Data Protection Regulation (hereafter referred to as GDPR) and the country-specific data protection regulations.
“Personal Data” means any information relating to an identified or identifiable individual. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to a name, an identification number, location data, an online username or one or more special features specific to the expression of their physical, physiological, genetic, mental, economic, cultural or social identity.
“Processing” means any process performed, with or without the aid of automated procedures, or any such set of operations associated with personal data, such as collecting, recording, organizing, regulating, storing, adjusting or modifying, reading out, requesting, using, disclosing by transmission, disseminating or otherwise making available, comparing or linking, restricting, erasing or destroying.
2. Responsible Authority for Data Processing
As the provider of our Internet services, we are responsible for the data processing. You can reach us under the following contact details:
Fietz Polychromos GmbH
Tel.+49 21 74 - 666 313 - 0
Data security officer:
3. Processing of Your Data
The nature, extent and purpose of the processing of your data differ according to whether you only visit our website or use any services offered by us:
a) Visit Our Website (Server Log Files)
When visiting our website, the server saves data in so-called server log files, which your Internet browser automatically sends to the server, in particular:
- Visited web pages
- Time of access
- Amount of data sent in bytes
- Source/reference, from which you came to the page
- Browser used
- Operating system used
- IP address
The data collected are only used for statistical evaluation and to improve the website. However, the website operator reserves the right to retrospectively check the server log files should concrete evidence point to unlawful use.
The processing of this data takes place in order to enable the use of the Internet pages you have accessed, for statistical purposes, to improve our internet presence and security against illegal cyber attacks, as well as to exercise, assert or defend against legal claims. Your IP address will only be stored for as long as necessary to defend against potential cyber attacks and provide law enforcement with the information needed to prosecute.
The above-mentioned data will be processed separately from all personal data that you provide to us when you visit our website and/or use a service, and never merged.
This data processing described above has its legal basis in Article 6 paragraph 1(b) of the GDPR for carrying out necessary pre-contractual measures, which are done at your request in order to enable you to use the websites you have accessed. Insofar as the above data are processed for the purposes of security against unlawful cyber attacks, or to exercise, assert or defend against legal claims, this is done on the legal basis of Article 6 paragraph 1(f) of the GDPR. Our legitimate interest in this data processing lies in the evaluation of the data for the improvement of our Internet offer, in order to exercise, assert or defend against any legal claims if necessary, and to protect our systems against unlawful cyber attacks.
b) Processing of Personal Data When Using the Services We Offer:
We will only process personal data if it is permitted by law or you consent to the processing of your personal data.
Insofar as you wish to make use of the services offered by us on our website, it may be necessary for you to submit or communicate further personal data. The data absolutely required by us can be found in the input mask during the registration or ordering process. Other information that is not necessarily required for the purposes described above, you may enter voluntarily; they are marked accordingly when collecting the data during the registration or ordering process.
We process your personal data for the above purposes according to Article 6 paragraph 1(b) of the GDPR in order to fulfil a contract with you or to carry out the necessary pre-contractual measures, which take place upon your request. Therefore, the purpose of processing your personal data is to respond to your inquiries or to provide the desired service. Without the provision of personal data, we cannot process your request and/or conclude the contract with you, nor provide the services offered.
Furthermore, we process your data for the purpose of exercising, asserting or preventing legal claims arising from the contractual relationship and, if appropriate, allowing law enforcement authorities to prosecute any misuse of our services. The above data processing is based on the legal framework of Article 6 paragraph 1(f) of the GDPR. Our legitimate interest in processing data on the basis of Article 6 paragraph 1(f) of the GDPR is that it may exercise, assert or defend legal rights arising from the contractual relationship and, where appropriate, allow law enforcement authorities to prosecute.
We also process your personal data for the purpose of fulfilling our statutory storage obligations. The legal basis for the fulfilment of our statutory storage obligations is standardized in Article 6 paragraph 1(c) of the GDPR.
Your data will be forwarded for the purposes of contract fulfilment or to carry out necessary pre-contractual measures, which are made upon your request, and, if necessary, to our supporting service providers, which we have of course carefully selected. These can be technical service providers or those who assist us with the shipping or payment processing or bookkeeping.
Transfer of your personal data to other third parties happens otherwise only if we are legally obliged to do so according to Article 6 paragraph 1(c) of the GDPR and possibly to lawyers and tax consultants according to Article 6 paragraph 1(f) of the GDPR. Our legitimate interest in the transfer of your data to tax consultants and lawyers is to comply with our tax obligations or to exercise, assert or defend against legal claims.
Beyond that, we will not share your personal information with third parties without your express consent.
Session Cookies and Permanent Cookies
We use session cookies on our site which are set when the homepage is called up and are only valid until your browser is closed again. In addition, we use so-called “permanent cookies” on our site, which are automatically deleted at the latest after 12 months. The purpose of the session and permanent cookies used by our website is to enable you to more effectively use our website as well as to collect statistical information about our website, analyse it and make improvements. “Permanent cookies” also allow a device to be recognized when you visit our website again and to save information about your last visit (for example your preferred language or other settings). We only use permanent cookies, which are automatically deleted after 12 months at the latest. User profiles are not created by the cookies we set.
Whether cookies can be set and retrieved can be determined by the settings in your browser. For example, you can disable cookies in your browser altogether, restrict it to certain websites or configure your browser to automatically notify you when a cookie is about to be placed and ask for your permission. Furthermore, you can set your browser so that cookies are automatically deleted when closing it. Finally, you may be able to activate a Do-Not-Track (“DNT”) feature in your browser so that it will not automatically be tracked by any web analytics tool being used. Information about the configuration of your browser settings can be found in the help function of your respective Internet browser.
5. Time Limits for the Storage and Deletion of Personal Data
If the processing purpose for your respectively required personal data does not apply, your personal data processed by us will be routinely deleted or blocked, unless you have authorised the permanent storage of your personal data.
If individual data must be stored after it is no longer needed for processing purposes due to legal retention periods (for example tax and commercial storage regulations), the data is then blocked instead of deleted. The data to be retained may then be processed on the legal basis of Article 6 paragraph 1(c) of the GDPR only for the purposes set out above.
6. Your Rights as a Data Subject
You have the rights described below at all times:
- Right to confirmation and to information about the personal data processed by us in accordance with Article 15 of the GDPR
- Right to correct your personal data in accordance with Article 16 of the GDPR
- Right to the deletion of your personal data (“right to be forgotten”) in accordance with Article 17 of the GDPR
- Right to restriction of the processing of your personal data in accordance with Article 18 of the GDPR
- Right to the transfer of your personal data in accordance with Article 20 of the GDPR
- In accordance with Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing - including profiling, which may have legal effect or affect you in a similar manner.
7. Right to Contest
You have the right to contest at any time, on grounds relating to your particular situation, the processing of your personal data, which is based on point (e) or (f) of Article 6 paragraph 1 of the GDPR; this also applies to profiling based on these provisions.
In the event of an objection, we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
If personal data are processed for direct marketing purposes, you shall have the right to contest the processing of your personal data for such marketing at any time; this also applies to profiling to the extent that it is related to such direct marketing.
Furthermore, you have the right, on grounds relating to your particular situation, to contest the processing of your personal data for scientific or historical research purposes, or for statistical purposes according to Article 89 paragraph 1 of the GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest. If you contest the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
8. Right to Revocation of Consent
You may revoke your expressly granted data protection consent at any time with effect for the future. The legality of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.
9. Complaints about Violations of Data Protection to the Supervisory Authorities
If you believe that your privacy rights have been violated, you can contact the supervisory authority of your state or in the state where our headquarters is located. If a complaint relates to a company located in another federal state, the supervisory authority will forward the complaint to the supervisory authority responsible there.
10. Obligation to Notify in Connection with the Correction ot Deletion of Personal Data or the Restriction of Processing
We will notify all recipients who have disclosed personal data about any correction or deletion of personal data or a restriction of processing according to Article 16, Article 17 paragraph 1 and Article 18 of the GDPR, unless this proves to be impossible or it involves unreasonable effort. We will also inform you about these recipients upon your request.
11. Legal or Contractual Regulations for the Provision of Your Personal Data as well as Information About the Necessity for the Conclusion of the Contract and About Your Obligation to Provide the Personal Data and Possible Consequences of Non-Provision:
As described above, we collect and process your personal information, in particular for fulfilling a contract with you or carrying out pre-contractual actions that are performed upon your request. In some cases, the provision of personal data in contracts (i.e., for invoices) is required by law due to tax and/or commercial guidelines, otherwise it is a contractual or pre-contractual obligation. Unless you provide us with personal information, this will mean that we cannot conclude a contract with you and/or cannot respond to your requests.
Insofar as we process your personal data based on a legitimate interest in accordance with Article 6 paragraph 1(f) of the GDPR, the provision of your data for these purposes is neither contractually nor legally required. The details of the data processing on the basis of a legitimate interest can be found in the respective sections of the information above. Unless you provide us with personal information for these purposes, it could result in you not being able to use our website and services in part or in full.
12. Automated Decisions on a Case-by-Case Basis, Including Profiling
We do not use automated decision making, including profiling according to Article 22 paragraphs 1 and 4 of the GDPR.
13. Data Security
We use technical and organizational security measures to protect the processing of personal data, in particular against accidental or intentional manipulation, loss, destruction or against the attack of unauthorized persons. Our security measures are continuously improved in line with technological developments.
14. Questions / Comments
15. Use of Third-Party Tools and Content
Information on Google Maps
The use of Google Maps as described above will enable you to easily find the places we have listed on the website. This constitutes a legitimate interest according to Article 6 paragraph 1(f) of the GDPR.
Information on Google Fonts
We integrate fonts on our website through the “Google Fonts” service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. We use “Google fonts” exclusively for the uniform presentation of fonts on our website. Google Fonts are not stored on our own server, but come from the cloud of Google servers. If you visit one of our websites, your browser loads the required fonts into your browser cache to display texts and fonts correctly. Thus, the unabridged IP address and the personal browser history are transmitted to the Google Server.
If your browser does not support Google Fonts, a default font will be used by your computer.
For more information about Google Web Fonts, see