The security of personal data such as name, address, telephone number or email, is a serious and important concern for our company. Therefore, we conduct our online activities in compliance with the respective statutory provisions relating to data protection and data security. Below, you can find the information we process.
Personal data / types of use
As a principle, the protection of your personal data is of highest priority for us. You decide whether or not you wish to make such data known to us, for example in the course of any registration, survey or the like. Such information on your part is relevant for your enquiry, but you provide it on a voluntary basis. An exception to this rule is when prior consent cannot be obtained for practical reasons and the processing of data is permitted by law.
Legal basis for the processing of personal data
If we obtain the consent of the data subject to process their personal data, Article 6(1)(a) GDPR serves as the legal basis for the processing of personal data.
When processing personal data necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) GDPR shall serve as the legal basis. This also applies to any processing required to perform pre-contractual measures.
If processing of personal data is necessary for compliance with a legal obligation to which we are subject, Article 6(1)(c) GDPR shall serve as the legal basis.
In the event that the vital interests of the data subject or of another natural person necessitate the processing of personal data, Article 6 (1)(d) GDPR shall serve as the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR shall serve as the legal basis for processing.
Data deletion and storage duration
The data subject’s personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Data may be stored beyond this if provisions have been made for this by the European or national legislator in Union regulations, laws or other rules to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the standards mentioned above expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
Exchange of data / contractual relationships with partners / third parties
In addition to the types of use described above, we will transfer your data to third parties that are involved in the processing of your order or that participate in contracts. For example, if you place an order via our website, we will transmit your order information to our partner companies and contractors who process and deliver your order to you. Data will only be transmitted to the extent required in order to fulfil or deliver your order or to process an enquiry. We will also transmit personal data to third parties where we are required to do so by law.
Data automatically collected on our website / usage data
We welcome anybody to visit and use our website free of charge and to look at the products on offer. When you visit our website, we record the following general usage data in order to assess which parts of our website you visit and how long you stay there:
- Information about the browser type and version used
- The user’s operating system
- The user’s IP address
- Date and time of access
- Websites from which the user’ system reaches our website
- The services and functions used on our website
Such data will be combined with the usage data of all visitors to our website in order to measure the number of visitors, the average time of the visits, pages visited, etc. The data we collect is combined and used for internal purposes only.
The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.
We use this combined data for evaluating our products, services and the news we make available via our website, as well as for monitoring use of our website and generally improving its content.
The temporary storage of IP addresses by the system is required in order to allow the website to be delivered to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.
Data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. These purposes are also the basis for our legitimate interests in data processing pursuant to Article 6(1)(f) GDPR.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. If data is stored in log files, this is the case after no more than seven days. Further storage is possible. In this case, the users’ IP addresses are deleted or distorted, so that it is no longer possible to associate them with the calling client.
The collection of data in order to provide the website and the storage of the data in log files is essential for the operation of the website. Therefore the user cannot opt out.
Third party advertisements or links to other websites displayed on our website may collect user data if you click on them or otherwise follow their instructions. We have no control over the data collected either voluntarily or involuntarily via advertisements or websites of third parties. We recommend that you read the privacy policies of the promoted websites if you have any concerns regarding the collection and use of your data.
Like many other commercial websites, we sometimes use the technology known as “cookies” to collect information on how you use the website, and to ensure your visit runs smoothly.
Cookies are text files that are stored in the Internet browser or come from the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive string that allows the browser to be uniquely identified when the website is visited again.
Our cookies neither disclose nor contain any personal data. Cookies cannot read any information from your computer or interact with other cookies on your hard disk. However, cookies enable us to recognize you when you revisit our website.
The following data is stored in the cookies:
- Language settings
- Volume settings where applicable
- Items in a shopping basket
- Display name for customer ratings
The legal basis for processing personal data using cookies required for technical and analytical purposes is Article 6(1)(f) GDPR.
We require cookies for the following:
- Shopping basket
- Watch list
- Language settings and currency
- Logged in or logged out
The user data collected through technically necessary cookies is not used to create user profiles.
Analysis cookies are used for the purpose of improving the quality of our website and its contents. Analysis cookies allow us to ascertain how the website is used and thus constantly optimise our service.
These purposes are also the basis for our legitimate interests in processing personal data pursuant to Article 6(1)(f) GDPR.
If you do not want your browser to accept cookies, you can deactivate or restrict this option in your browser settings. Cookies that have already been saved can be deleted at any time. This can also be done automatically. Deactivation of cookies may prevent this website from functioning properly. You may not be able to access all the options and information on this website.
On our website, we offer users the opportunity to register by providing their personal data. The data is entered into an input screen and sent to us and stored. Data is not transferred to third parties. The following data is collected during the registration process:
- First name and surname
- Email address
- Company/institution/band (optional)
- Telephone number (optional)
- Mobile number (optional)
As part of the registration process, consent is obtained from the user to process this data.
The legal basis for processing data if the user’s consent is given is Article 6(1)(a) GDPR.
If the registration serves to fulfil a contract to which the user is party or to perform pre-contractual measures, the additional legal basis for the processing of data is Article 6(1)(b) GDPR.
User registration is necessary in order to provide certain content and services on our website.
User registration is necessary in order to fulfil a contract with the user or to perform pre-contractual measures.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection.
This is the case for data collected during the registration process if the registration for our website is cancelled or modified.
This is the case for data collected during the registration process for the purpose of fulfilling a contract or performing pre-contractual measures if the data is no longer necessary for the performance of the contract. Even after the conclusion of the contract, there may be a need to store the contracting party’s personal data in order to comply with contractual or legal obligations.
As a user, you have the option to cancel your registration at any time. You can have the data stored about you erased at any time by sending an email to: email@example.com.
If the data is necessary for the fulfilment of a contract or for performing pre-contractual measures, premature deletion of the data is only possible if contractual or legal obligations do not preclude deletion.
Contact form and email contact
We provide a contact form on our website that you can use to get in touch with us electronically and let us know what we can help you with. If a user takes advantage of one of these options, the data entered on the input screen will be transmitted to us and stored. This data includes:
- Email address
- Telephone number (optional)
Alternatively, you can contact us via the email addresses provided on our website. In this case, the user’s personal data transmitted by email will be stored.
No data is passed on to third parties in this context. The data is used exclusively for processing the conversation.
The legal basis for processing the data transmitted via the contact form or in the course of sending an email is Article 6 (1)(f) GDPR. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing shall be Article 6(1)(b) GDPR.
The personal data from the input screen is only processed in order for us to process the contact. In the event of contact via email, this is also the basis for the required legitimate interest in the processing of data.
Any other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the contact form input screen and the data sent by email, this is the case if the respective conversation with the user has ended. The conversation is deemed to be ended if it can be inferred from the circumstances that the relevant facts have been conclusively clarified.
Embedding and use of links to social media (Facebook, YouTube, et al.)
Links to external social network services such as Facebook, YouTube and Twitter are embedded on our website, in particular in the areas displaying our products. The responsibility for the internet services of these social network services lies solely with their operators. Below you will find further information, categorised according to the corresponding social network service.
None of your data is transferred to social media services as a result of our links to these services. These are normal hyperlinks, through which no regular data transmission takes place. If you click on the link, you will be taken directly to our social media page on the respective social media service. Data is only transmitted if you are logged into your user account of the corresponding social media service. You can then link to or share content from our websites directly using the social media service, or you can watch YouTube videos on our YouTube channel. Under certain circumstances, the social media service may thus ascertain which content you have viewed on our website.
The responsibility for the social media services linked to lies exclusively with:
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, for Facebook and its website;
- Instagram, LLC, 1601 Willow Rd. Menlo Park, CA 94025, USA, for Instagram and its website;
- YouTube, LLC, 901 Cherry Ave., St. Bruno, CA 94066, USA, for YouTube and its website;
- Twitter Inc., 1355 Market St., Suite 900, San Francisco, CA 94103, USA, for Twitter and its website;
For further information regarding the purpose and scope of data collection, and regarding the further processing and use of your data by the respective social media service, see the privacy rules of the relevant service. These are available online:
- Facebook: https://www.facebook.com/about/privacy/
- Instagram: https://www.instagram.com/about/legal/privacy/
- YouTube: https://www.google.de/intl/de/policies/privacy/
- Twitter: https://twitter.com/privacy
Under the above-mentioned links you will also find information regarding settings for the protection of your privacy and regarding your further rights concerning the processing of your data by the respective social network service.
Advertising via email (e.g. email newsletter)
On our website you have the opportunity to subscribe to a free newsletter. When you sign up for the newsletter, the data from the input screen is transmitted to us.
The following data is also collected when you sign up:
- IP address of the accessing computer
- Date and time of registration
When you purchase products or services on our website and leave your email address, this may then be used by us to send you a newsletter. If this is the case, the newsletter will only contain direct advertisements for similar products or services from our own range.
No data is passed on to third parties in conjunction with data processing for the dispatch of newsletters. The data is used exclusively for sending the newsletter.
The legal basis for processing data after sign-up for the newsletter by the user if the user’s consent is given is Article 6(1)(a) GDPR.
The legal basis for sending the newsletter due to a product or service being sold is § 7 (3) of the German fair trade law (UWG).
The user’s email address is collected so that the newsletter can be sent.
The collection of other personal data as part of the sign-up process serves to prevent misuse of services or of the email address used.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. As such, the user’s email address will be stored for as long as the newsletter subscription is active.
The newsletter subscription may be cancelled by the user at any time. A link to do so can be found in every newsletter.
This also allows the user to withdraw the consent to storage of the personal data collected during the sign-up process.
We take precautions to ensure the security of your personal data. Your data will be diligently protected against loss, destruction, manipulation and unauthorised access or unauthorised disclosure and transmission.
We protect collected customer data by saving it on servers protected by passwords and “firewalls” that use encryption technologies to prevent unauthorised access.
We implement state-of-the-art technology and do our utmost to provide you with a secure environment for the completion of your order; however, we cannot guarantee absolute security of your data.
We ask you to take every available precaution to protect your personal data when online. We encourage you to at least change your passwords on a regular basis, to use a combination of letters and numbers, and to ensure you use a secure browser when surfing the internet.
Rights as a data subject
If your personal data is processed, you are a data subject as defined in the GDPR and you have the following rights with regard to the controller:
- Information, rectification, restriction and deletion
You have the right to access the data stored about you and information concerning its origin and recipient and the purpose of data processing by our website free of charge at any time. In addition, you have the right to rectify, delete or restrict the processing of your personal data, provided the legal requirements to do so are met.
Details can be found in the relevant statutory provisions, Article 15 to 19 GDPR.
- Right to data portability
You have the right to receive the personal data concerning you that you have provided to us as the controller, in a structured, commonly used and machine-readable format. We can comply with this right by providing a csv export of the customer data processed about you.
- Right to information
If you have exercised your right of rectification, deletion or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or deletion of data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the controller.
- Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you that is based upon point (e) or (f) of Article 6(1) GDPR, including profiling based upon those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
- Revocability of declarations of consent under data protection law
You may also revoke your consent with regard to us at any time with effect for the future using the contact details given below.
- Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
Responsible authority, contact person for queries or exercising your rights as a data subject, contact
The responsible authority within the meaning of the data protection regulations for all data processing through our website is:
Thomann GmbH, Hans Thomann Strasse 1, 96138 Burgebrach-Treppendorf, Germany
In the event of any questions, comments, complaints or to exercise your rights as a data subject in connection with our Privacy Notice and the processing of your personal data by our websites, you can contact our Data Protection Officer directly by email: (firstname.lastname@example.org). He will gladly take care of your data protection concerns.