- Mia Light GmbH
- Harmate 42
- 48683 Ahaus
Data protection policy
1. Name and contact details of the data controller
MIA Light GmbH
Managing directors: Arbona Ay
D - 48683 Ahaus
Tel: +49 (0) 2561 - 8660 745 | firstname.lastname@example.org
Contact details of the data protection officer:
Our data protection officer can be contacted by post at the address of the data controller and by email at email@example.com.
2. Extent and purpose of processing of personal data
2.1 Accessing the website
When accessing this website, the internet browser used by the visitor automatically sends data to the server of this website, which is stored temporarily in a log file. The following data is saved without further input by the visitor until it is erased automatically:
- IP address of the visitor’s end device
- Recording of the geo location
- Date and time of access by the visitor
- Name and URL of the page accessed by the visitor
- Website from which the visitor accessed the website (so-called referrer URL)
- Browser and operating system of the visitor’s end device and name of the access provider used by the visitor
- Browser language
Processing of this personal data is justified under Art. 6 (1) subparagraph 1 (f) GDPR. We have a legitimate interest in data processing for the purpose of
- establishing the link to the website quickly
- facilitating user-friendly use of the website
- detecting and guaranteeing the security and stability of the systems
- simplifying and improving administration of the website.
This processing is expressly not for the purpose of identifying the visitor to the website.
2.2 Contact form
Visitors can send messages to us via an online contact form on the website. We require your name and a valid email address so that we can answer your query. The person submitting the query can provide all of the other information voluntarily. When you use the contact form, you confirm that you are aware of this policy and agree to the processing of the data submitted. Data processing is carried out exclusively for the purpose of processing and answering queries via the contact form. This takes place on the basis of the voluntary consent provided in accordance with Art 6 (1) subparagraph 1 (a) GDPR. If the grounds for storage no longer obtain, the data is erased.
Registration as a customer
If you register for our web shop, the following data is collected by us:
Permission for collection of this data is based on Article 6 (1) (b).
The data is stored for 10 years, in accordance with the statutory regulations. Provided that there are no other grounds for storage when this period elapses, the data is erased.
Ordering in the web shop
When you place an order in the web shop, the following data is collected about you:
If you are registered as a customer, the address and contact details set up for you are used for your order when you log in. If you do not live in Germany, you must also provide your VAT registration number.
If you order as a guest, the following data is collected about you:
Your VAT registration number, if applicable
The data is stored for 10 years, in accordance with the regulations.
If you use our complaint form, the following data is collected by us:
This data is erased when the statutory storage periods elapse.
3. Transfer of data
If you submit a leasing application to us, the data is forwarded to the leasing bank providing the finance:
Article details (shopping basket with value)
When you apply, you are forwarded directly to the corresponding website of our partners to provide further data. These are:
PayPal (Europe) S.à r.l. et Cie, S.C.A.
22-24 Boulevard Royal
Personal data is transferred to third parties if
- the data subject has expressly consented to this pursuant to Art. 6 (1) subparagraph 1 (a) GDPR,
- transfer pursuant to Art. 6 (1) subparagraph 1 (f) GDPR is required to establish, exercise or defend against legal claims and there are no grounds to assume that the data subject has an overriding legitimate interest in not having his or her data transferred,
- there is a statutory obligation for the data transfer pursuant to Art. 6 (1) subparagraph 1 (c) GDPR, and/or
- it is required pursuant to Art. 6 (1) subparagraph 1 (b) GDPR to fulfil a contractual relationship with the data subject.
In other cases, personal data is not passed on to third parties.
So-called cookies are used on the website. These are data packages that are exchanged between the website server and the visitor’s browser. They are stored by the devices used to visit the website (PC, notebook, tablet, smartphone, etc.). Cookies cannot damage the devices used. In particular, they do not contain any viruses or other malware. The cookies store information associated with the specific end device used. This information does not allow us under any circumstances to determine the identity of the website visitor.
Under the default browser settings, cookies are usually accepted. The browser settings can be adjusted either to reject cookies on the devices used or to provide specific information before a new cookie is stored. We wish to point out, however, that deactivating cookies may mean that some of the functions of the website cannot be used at their best.
Cookies serve to make use of our website more convenient. For example, session cookies can be used to determine whether the visitor has previously visited individual pages of the website. These session cookies are erased automatically when you leave the website.
Temporary cookies are used to improve user-friendliness. They are stored for a temporary period on the visitor’s device. If the visitor returns to the website, it is possible to recognise that he or she has accessed the page previously and to apply the inputs and settings that were used on that occasion so that they do not have to be repeated. No personal data is processed in this connection.
Cookies are also used to analyse access to the website for statistical purposes and for the purpose of improving what we offer. These cookies make it possible to recognise automatically that the website has previously been accessed by the visitor. The cookies are erased after a fixed period.
The data processed by means of cookies is justified for the above purposes in order to pursue the legitimate interests of the legal practice pursuant to Art. 6 (1) subparagraph 1 (f) GDPR.
5. Analysis services for websites, tracking
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that facilitate analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. If IP anonymisation is activated on this website, your IP address will first be truncated by Google within Member States of the European Union or in other countries that are signatories to the Agreement on the European Economic Area. Please note that Google Analytics on this website has been extended to include the code “gat._anonymizeIp();” to ensure anonymised collection of IP addresses (so-called IP masking).
Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Google uses this information on behalf of the operator of this website to evaluate your use of the website, to compile reports about website activities, and to provide other services associated with use of the website and the internet for the website operator. The IP address transferred by your browser in the context of Google Analytics is not associated with any other Google data. You can prevent storage of the cookies by means of a corresponding setting in your browser software; we wish to point out, however, that in this case you may not be able to use all of the functions of this website to their full extent. In addition, you can prevent collection of the data generated by the cookie relating to your use of the website (including your IP address) by Google and the processing of that data by Google by downloading and installing the browser plug-in available from the following link:http://tools.google.com/dlpage/gaoptout?hl=en
The legal basis for use of the analytical tool is Art. 6 (1) subparagraph 1 (f) GDPR. Website analysis is in the legitimate interests of our company and is used for statistical recording of the use of the site for ongoing improvement of our website and the services we offer.
Facebook remarketing / retargeting
Remarketing tags of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated into our pages. When you visit our site, the remarketing tags establish a direct connection between your browser and the Facebook server. Facebook is thereby notified that you have visited our site with your IP address. As a result, Facebook can associate the visit to our site with your user account. We can use the information obtained in this way to display Facebook ads. Please note that, as the provider of the web pages, we have no knowledge of the content of the data transferred and how it is used by Facebook. You can find further information about this in the data protection policy of Facebook at https://www.facebook.com/about/privacy/. If you do not want Custom Audience to collect your data, you can deactivate Custom Audience here.
Conversion measurement with the Facebook visitor action pixel
With your consent, we use the “visitor action pixel” of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) on our website. We can use it to track users’ actions after they have seen or clicked on a Facebook advertisement. In this way, we are able to record the effectiveness of Facebook advertisements for statistical and market research purposes. The data collected in this way is anonymous; in other words, we do not see the personal data of individual users. This data is stored and processed by Facebook, however, and we provide you with information about this to the best of our knowledge. Facebook can associate this data with your Facebook account and also use it for its own marketing purposes, in accordance with Facebook’s data usage policyhttps://www.facebook.com/about/privacy. You can enable Facebook and its partners to display advertising on and outside Facebook. A cookie may also be stored on your computer for this purpose.
Consent may be given only by users aged 13 and older. If you are younger, please ask your parent or guardian for advice.
7. Your rights as the data subject
Insofar as your personal data is processed when you visit our website, you have the following rights as the “data subject” within the meaning of the GDPR:
You have the right to demand from us confirmation as to whether or not personal data concerning you is being processed by us. There is no right to information if disclosure of the information requested would breach a confidentiality obligation or if the information must be kept secret on other grounds, in particular because of an overriding legitimate interest of a third party. Notwithstanding the above, there may be an obligation to disclose the information if your interests override the confidentiality interest, in particular in view of imminent damages. The right to information is also excluded if the data is stored only because it cannot be erased on the basis of legal or statutory retention periods, is used exclusively for purposes of backing up data or data protection monitoring, if disclosure of the information is associated with a disproportionately large amount of work, and if processing for other purposes is prevented by appropriate technical and organisational measures. If the right to information is not excluded in your case and your personal information is processed by us, you may demand information from us about the following:
- Purpose of processing
- Categories of your personal data processed
- Recipients or categories of recipients to whom your personal data is disclosed, in particular if those recipients are in third countries
- If possible, the planned period during which your personal data will be stored or, if this is not possible, the criteria for determining the storage period
- The existence of a right to rectification or erasure or restriction of processing of the personal data concerning you, or a right to object to that processing
- The existence of a right to complain to a supervisory authority for data protection
- Where the personal data was not collected from you as the data subject, the information available about the origins of the data
- The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing
- Where personal data is transferred to a third country, if there is no decision of the EU Commission about the appropriateness of the level of protection pursuant to Art. 45 (3) GDPR, information about the appropriate safeguards provided for protection of personal data pursuant to Article 46 (2) GDPR.
7.2 Rectification and completion
If you establish that we have incorrect personal data about you, you may demand rectification of this incorrect data by us without undue delay. If the personal data concerning you is incomplete, you may demand that it be completed.
You have the right to erasure (“right to be forgotten”) if processing is not required to exercise the right to freedom of expression, the right to information or for fulfilment of a legal obligation or to complete a task that is in the public interest, and one of the following grounds applies:
- The personal data is no longer required for the purposes for which it was being processed.
- The justification for processing was exclusively your consent, which you have withdrawn.
- You have lodged an objection to processing of your data that we have made public.
- You have lodged an objection to processing of personal data that has not been made public by us and there are no overriding legitimate grounds for processing.
- Your personal data has been processed unlawfully.
- Erasure of personal data is required to fulfil a statutory obligation to which we are subject.
There is no right to erasure if, in the case of legal, non-automated data processing, erasure is not possible or is possible only with a disproportionately large amount of work and your interest in erasure is small. In this case, restriction of processing replaces erasure.
7.4 Restriction of processing
You may demand that we restrict processing if one of the following grounds applies:
- You contest the accuracy of the personal data. Restriction may be demanded in this case for a period that allows us to check the accuracy of the data.
- Processing is unlawful and you demand restriction of processing instead of erasure of your personal data.
- Your personal data is no longer required by us for the purposes of processing, but you require it to establish, exercise or defend against legal claims.
- You have lodged an objection pursuant to Art. 21 (1) GDPR. Restriction of processing may be demanded as long as it has not been established whether our legitimate grounds override your grounds.
Restriction of processing means that the personal data may be processed only with your consent, or to establish, exercise or defend against legal claims, or to protect the rights of another natural or legal person or for reasons of important public interest. Before we lift the restriction, we have the obligation to inform you of this.
7.5 Data portability
You have a right to data portability insofar as processing is based on your consent (Art. 6 (1) subparagraph 1 (a) or Art. 9 (2) (a) GDPR) or on a contract to which you are a contracting party and processing is carried out with the aid of automated procedures. The right to data portability includes the following rights in this case, provided that the rights and freedoms of other people are not hereby impaired: You may demand from us the personal data that you have provided to us in a structured, commonly used and machine-readable format. You have the right to transmit this data to another data controller without hindrance. Where technically feasible, you may demand of us that we transmit your personal data directly to another data controller.
Where processing is based on Art. 6 (1) subparagraph 1 (e) GDPR (performance of a task carried out in the public interest or in the exercise of official authority vested in the controller) or on Art. 6 (1) subparagraph 1 (f) GDPR (legitimate interest of the data controller or a third party), you have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you. This also applies to profiling based on Art. 6 (1) subparagraph 1 (e) or (f) GDPR. Once you have exercised your right to object, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or if processing serves to establish, exercise or defend against legal claims.
You may lodge at any time an objection to processing of the personal data concerning you for the purposes of direct marketing. This also applies to profiling associated with such direct marketing. Once you have exercised this right to object, we shall no longer use the personal data concerning you for purposes of direct marketing.
You have the option to notify us informally of your objection by telephone, email, fax or by writing to the postal address of our legal practice provided at the beginning of this data protection policy.
7.7 Withdrawal of consent
You have the right to withdraw consent that you have given at any time, with effect from that point forward. Withdrawal of consent may be communicated informally by phone, email, fax or to our postal address. The withdrawal does not affect the lawfulness of the data processing that has been carried out based on your consent up to the point of receipt of its withdrawal. On receipt of the withdrawal, the data processing based exclusively on your consent shall stop.
If you believe that processing of the personal data concerning you is unlawful, you can lodge a complaint with a supervisory authority for data protection that is responsible for your habitual place of residence or workplace, or for the place of the alleged breach.
8. Version and updating of this data protection policy
This version of the data protection policy was drafted on 25 May 2018. We reserve the right to update this data protection policy at the appropriate time to improve data protection and/or to adapt it to changes in supervisory practice or legislation.