Data Privacy Statement
Thank you for your interest in our company. We take data protection seriously.
In principle, you can use our website without disclosing any personal data. Provided the data subject wishes to make use of services provided by our company over our website, the processing of personal data could become necessary. When the processing of personal data is necessary and no legal basis has been provided for this, we always seek the consent of the person in question.
The processing of personal data (name, address, email address or telephone number of the data subject, for example) always takes place in accordance with the General Data Protection Regulations (GDPR) and in agreement with the applicable, country-specific data protection regulations.
With the data privacy statement below we wish to inform the public about the nature, extent and purpose of the personal data collected, used and processed by us. This data privacy statement will also inform the persons concerned – the data subjects – about the rights to which they are entitled.
As those responsible for data processing, we have implemented numerous technical and organizational measures to ensure the best possible end-to-end protection of the personal data processed over our website. In principal, data transmission over the Internet can be subject to security vulnerabilities. Consequently, 100% protection cannot be guaranteed. Anyone communicating personal data to us thus also has the option of communicating this data over the telephone, for example.
1. Definitions
This data privacy statement is based on the definitions used by European regulators for the adoption of the General Data Protection Regulation (Article 4 GDPR). This data privacy statement shall not only be easy readable for anyone but easily understood as well. You can access the GDPR over the following link:
eur-lex.europa.eu/legal-content/EN/TXT/PDF/
The goal of our data privacy statement is to inform you in a simple and intelligible way about how we process your personal data on our web pages and apps. To ensure this, we would first like to explain the definitions we use. Among others, the following definitions are used:
· "personal data" refers to all information that relates to an identified or identifiable natural person ("data subject" hereafter); identifiable being considered a natural person who can be directly or indirectly identified, in particular through the assignment of an identifier such as a name, an identification number, location information, an online identification or one or more special characteristics which are the expression of this natural person’s physical, physiological, genetic, psychic, economic, cultural or social identity;
· "data subject" refers to any identified or identifiable natural person whose personal data is processed by those responsible for data processing.
· "processing" refers to any manual or automated procedure – or any series of operations – carried out in connection with personal data. This includes its collection, recording, organization, structuring, saving, amending or editing, retrieving, querying, using, disclosing through transmission, dissemination or other form of provision; matching or linking, restriction, deletion or destruction;
· "processing restriction" is the earmarking of stored personal data with the intent of restricting its processing in the future;
· "profiling" refers to any kind of automated processing of personal data that entails using this personal data to assess certain personal aspects that pertain to a natural person, particularly aspects regarding work performance, economic situation, health, personal preferences, interests, reliability, behavior; analyzing or predicting this natural person’s location or change of location;
· "controller" refers to the natural or legal person, authority, institution or other entity that solely, or collectively with others, decides upon the ends and means of the processing of personal data; if the ends and means of this processing has been prescribed by European Union or Member State Law, the controller – or the specific criteria for its/their nomination – can be stipulated by either Union or Member State Law;
· "recipient" is a natural or legal person, authority, institution or other entity to which personal data is revealed, regardless of whether this refers to a third party or not. However, authorities that receive personal data within the framework of a particular inquiry under Union or Member State Law shall not be regarded as recipients; the processing of this data by the named authorities takes place in compliance with the applicable data protection regulations in accordance with the ends of the processing;
· "third party" refers to a natural or legal person, authority, institution or other entity other than the data subject, the controller, the processor or the persons under direct responsibility of the controller or the processor who have been authorized to process the personal data;
· "consent" of the data subject is any voluntary, informed and unambiguous expression of intention for the given case that has been submitted in the form of a declaration or other type of conclusive, approving action by which the data subject indicates agreement with the processing of their personal data.
2. Name and contact details of the controller
This data privacy statement applies to data processing by:
Controller: Weseler Teppich GmbH h& Co. KG, Herr Markus Johannes Haick, Emmelsumer Strasse 218, 46485 Wesel, Germany, tel: +49 (0)281-81910, fax: +49 (0)281-81938, email: info@de.tretford.eu -
3. Contact details for those responsible for data protection:
BECHTLE Datenschutz Competence Center - Bechtle GmbH IT-Systemhaus, Parkstrasse 2-8, 47829 Krefeld, Germany, tel.: 02151 - 455 – 836, fax: 02151 - 455 – 77810, email: dsb@tretford.eu
4. Deletion and blocking of personal data
We only process and save the personal data of a data subject for the time period needed to reach the objective – or for the time period stipulated by applicable legislation that those responsible for processing are subject to.
Once the reason for saving the data no longer applies, or the retention period prescribed by law expires, all personal data is routinely blocked or deleted in accordance with legal requirements.
5. Collection and storage of personal data as well as the nature and purpose of usage
a) When visiting the website
In principle, you can use our website without disclosing your identity. When accessing our website, the browser on the terminal device you are using automatically sends information to our website's server. This information is temporarily stored in a so-called "log file". The following information is collected without your intervention and stored until it is automatically deleted:
· the IP address of the computer accessing the website,
· the date and time of access,
· the name and URL of the file accessed,
· the website from where the access occurs (referrer URL),
· the browser used and, in some cases, the operating system of your computer and the name of your access provider.
The data mentioned is processed by us for the following purposes:
· to guarantee a smooth connection for the website,
· to ensure the user-friendly usage of our website,
· for the evaluation of system security and stability as well as
· for other administrative purposes
The legal basis for processing this data is Article 6(1)(f) of the General Data Protection Regulation (GDPR). Our legitimate interests arise from the data collection purposes listed above. Under no circumstances will we use the data collected for the purpose of tracing it back to you.
In addition to this, we use cookies as well as analytic services when users access our website. This is explained in greater detail in points 9 and 11 of this data protection notice.
b) When using our contact form
We make it possible for you to contact us with questions of any kind by providing a form on our website. In order to know from whom the question came – and also to answer this question – personal data is communicated (mandatory fields) by filling out the input form. Additional entries can be added voluntarily. Whether you wish to enter this data in the contact form or not is your free decision.
Data processing for the purpose of making contact with us is done in accordance with Article 6(1)(a) of the GDPR, based on your given consent.
The personal data collected by us through your use of the contact form will be automatically deleted once your request has been handled.
Alternatively, contact is possible by using the email address provided. In this case, the personal data provided by the user is stored. There is no transfer of data to a third party in this context. The data is used exclusively for the processing of the conversation.
c) When placing orders over our website
You can place orders for color samples over our website. Your personal data will be entered into an input form in the process, sent to us and stored. When you place an order at our website the following data is collected:
· title, first name, last name,
· a valid email address,
· address,
· telephone and fax numbers,
· intended use
The collection of this data is done for the following purposes:
- to process, fulfill and conclude your order;
· to have correspondence with you;
· to ensure the technical administration of our website
Within the framework of the order process, your consent will be obtained to process this data.
The data processing takes place with your order and / or registration and is necessary, pursuant to Article 6(1)(b) of the GDPR, for the purposes mentioned to properly process your order and for the mutual fulfillment of the purchase contract.
The personal data collected by us for the processing of your order will be stored until expiry of the legal obligation to retain it and then deleted. This is not the case, however, if we are obligated under Article 6(1)(c) of the GDPR to keep the data for a longer period due to retention and documentation obligations arising from tax and commercial laws (from the German Commercial Code, German Penal Code or directives), or you have agreed to a longer retention period beyond this under Article 6(1)(a) of the GDPR.
6. Further explanation on the legal basis of the processing
Article 6(1)(a) of the GDPR serves Weseler Teppich GmbH & Co. KG as the legal basis for processing operations in which consent for a particular processing purpose must be given. If the processing of personal data is necessary for the performance of a contract in which the data subject is the contracting party, the processing relies on Article 6(1)(b) of the GDPR. The same applies for processing operations that are necessary to carry out pre-contractual measures, for instance, in cases where there are enquiries about our services and products. For cases in which Weseler Teppich GmbH & Co. KG is subject to a legal obligation through which the processing of personal data is necessary, processing is based on Article 6(1)(c) of the GDPR. In rare cases, the processing of personal data could become necessary in order to protect the vital interests of the data subject or of another natural person. In this case, the processing relies on Article 6(1)(d) of the GDPR. Furthermore, processing operations could rely on Article 6(1)(f) of the GDPR. Processing operations are based on this legal basis if they are not accounted for in any of the aforementioned legal bases and if the processing is necessary to safeguard a legitimate interest of Weseler Teppich GmbH & Co. KG or of a third party, insofar as this does not override the interests, basic rights and fundamental freedoms of the data subject. Such processing operations are explicitly permitted by us because they are specifically referred to by European lawmakers (see recital 47, clause 2 of the GDPR).
7. Consideration of legitimate interests
When the processing of personal data is based on Article 6(1)(f) of the GDPR, the legitimate interest of Weseler Teppich GmbH & Co. KG is the performance of our business activities for the benefit of our staff and shareholders.
8. Passing on of data
We pass on your personal data to third parties solely within the framework of order processing and only to those service partners involved, for example, to the logistics company responsible for delivery. In cases in which your personal data is passed on to third parties, however, the scope of the data transferred is restricted to the necessary minimum.
Your personal data will not be passed on to third parties other than for the aforementioned purposes.
We will only pass on your personal data to third parties for the following reasons:
· you have expressly consented to this in accordance with Article 6(1)(a) of the GDPR,
· it is necessary to pass on this data in accordance with Article 6(1)(f) of the GDPR for the purpose of asserting, exercising or defending legal claims and there is no reason to assume that you have an overriding interest worthy of protection relating to the non-disclosure of your data,
· a legal obligation to pass on this data exists as per Article 6(1)(c) of the GDPR and
· it is legally permissible and necessary for the purposes of processing contractual relationships with you as defined under Article 6(1)(b) of the GDPR.
Your consent will be obtained to pass on this data to third parties within the framework of the order process.
9. Use of Cookies
This website uses cookies. These are little text files that you browser automatically creates and that are stored on your end device (laptop, tablet, smart phone or the like) when you access our website. Cookies will not damage your end device; they don’t contain viruses, Trojans or other malware.
Cookies store information that arises in connection with the particular end device used. This does not, however, mean that we directly get information about your identity.
One the one hand, cookies help us to make our web presence more pleasant for you to use. We use so-called "session cookies" which recognize when you have already accessed individual pages of our website. These are automatically deleted once you leave our website.
Beyond this, we also employ temporary cookies to optimize the site’s user-friendliness. These session cookies are stored on your terminal device for a defined period of time. When you return to our website at a later time to use our services, the website will automatically recognize that you have visited us before and will recognize which data you have entered and which settings you have made so that you will not have to input these again.
On the other hand, we also use cookies to collect statistical data on how our website is used to analyze this data for the purpose of improving the website for you (see point 7). When you re-access our website these cookies enable us to recognize automatically that you are a return visitor. In each case, these cookies are deleted after a specifically-defined period of time.
The data processed by means of the cookies is required for the mentioned purposes to safeguard our legitimate interests and the interests of third parties pursuant to Article 6(1)(f) of the GDPR.
Most browsers accept cookies automatically. You may, however, configure your browser in such a way that cookies cannot be stored on your computer. Or it can be configured so that a message always appears prior to the creation of a new cookie. Please note that completely deactivating cookies may entail not being able to use the full functionality of our website.
10. Links to third party websites
The links published on our website are researched and compiled by us with utmost care. We have, however, no influence on the current and future design and content of the linked pages. We cannot be held responsible for the content of the linked sites and expressly do not espouse their content. The operator of the linked website has sole responsibility and liability for any illegal, erroneous or incomplete content as well as for any damages ensuing from the use, or non-use, of the information provided. Any liability for those who merely point to the publication by means of a link is excluded. We can be held responsible for external referrals only if we have positive knowledge of them – including knowledge of any possible illegal or actionable content – and it is technically feasible and reasonable of us to prevent their use.
11. Web analysis and tracking tool "Matomo"
The tracking measures we use, and which are outlined as follows, are implemented pursuant to Article 6(1)(f) of the General Data Protection Regulation. We employ the tracking measures to continuously optimize our website and to align it with our users’ needs. We also use tracking measures to collect statistical data on how our website is used and to evaluate this data so we can optimize our offer. These interests can be seen as justified as per the foregoing provision.
The data processing purposes and data categories can be found in the corresponding tracking tools.
We use the open source tool "Matomo" (formerly "PIWIK") to analyze the surfing behavior of our users. This software places a cookie on the user’s computer (see "Cookies" above). Whenever individual pages of our website are called up, the following data is stored:
(1) 2 bytes of the IP address of the user’s accessing system (for ex.: 192.168.xxx.xxx)
(2) the called up website
(3) the website from which the access occurs (referrer)
(4) the sub-pages that are accessed from the website that was called up
(5) time spent on the website
(6) how frequently the website is called up
In so doing, the software runs exclusively on the servers of our website and storage of our users’ personal data does not take place there. Furthermore, this data is not passed on to third parties.
More detailed information is available at: matomo.org/docs/privacy/
12. Social Media Plugins
We use social plug-ins (from Facebook, YouTube, Instagram, Pinterest, for example) on our website based on Art. 6(1)(f) GDPR to make our company better known. The promotional purpose behind this is a legitimate interest in line with the General Data Protection Regulation. Responsibility for data protection compliant operation rests with the respective operator. We integrate plug-ins into our site by means of the so-called double click method to protect visitors to our site as best possible.
a) Facebook
Our website uses social media plug-ins from Facebook to customize its use. We use the "Like" or "Share" buttons for this purpose. This is a Facebook offer.
When you call up a plug-in-containing page from our website, your browser automatically establishes a direct connection to Facebook servers. The content of the plug-in is then transmitted to your browser by Facebook and integrated in the website.
Through the integration of the plug-in, Facebook receives information that your browser has already accessed the relevant website page. This is the case even if you don’t have a Facebook account or aren’t currently logged on to Facebook. This information (including your IP address) is subsequently transmitted from your browser directly to a server in the United States and stored there.
Facebook can directly associate your accessing of this website to your Facebook account if you are logged in to Facebook. If you interact with the plug-ins by, for example, activating the "Like" or "Share" buttons, this information will also be directly transmitted to a Facebook server and stored there. Moreover, this information is also published on Facebook where it will be available to the public.
Facebook can use this information for the purposes of advertising, market research and the customization of the Facebook pages. To do this, Facebook creates profiles regarding usage, interests and relationships, for example, to analyze your use of our website regarding the advertisements displayed to you by Facebook, to inform other Facebook users about your activities on our website and to provide additional services in connection with your use of Facebook.
Should you not want Facebook to be able to associate the data collected via our website to your Facebook account, be sure to log out of your Facebook account prior to accessing our website.
For information on the purpose and scope of the data acquisition and its subsequent processing and use by Facebook – as well as your rights in respect to this and the available setting options you have to protect your privacy – please consult the data protection policy, especially Facebook’s privacy policy, which can be accessed at: https://www.facebook.com/about/privacy/
b) YouTube
This website uses YouTube’s embed function to display and play videos by the provider "YouTube", which belongs to Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
These videos are integrated in expanded data protection mode, meaning that no data concerning you as a user is transferred to YouTube if you do not play any of the videos. It is only when you play the videos that the data stated in paragraph two is transferred. We do not have any influence on this data transfer.
The integration occurs in expanded data protection mode which, according to the provider, only stores user information if the video is played. When an integrated YouTube video is started, the provider "YouTube" uses cookies to gather information on user behavior. According to "YouTube" these serve, among other things, the purpose of gathering statistics on the videos, to improve user-friendliness and to prevent improper conduct. If you are logged into Google, your data is directly associated to your account if you click on a video. If you do not want this association with your profile at YouTube you must log out prior to activating the button. Google stores your data (even for users who are not logged in) as user profiles and evaluates it. This evaluation takes place pursuant to Article 6(1)(f) of the GDPR on the basis of Google’s legitimate interests in displaying personalized advertising, conducting market research and / or customization of the website design. You may object to the creation of a user file, however, you must get in touch with YouTube directly to exercise this right.
Regardless of whether the embedded videos are played, every time this website is accessed, a link to the Google network "DoubleClick" is recorded. This can trigger additional data processing over which we have no influence.
Google LLC, based in the United States, is certified for the US-European data protection agreement "Privacy Shield" which ensures compliance with the level of data protection applicable to the EU.
For further information concerning data protection at YouTube, please consult the provider’s data protection statement under https://www.google.de/intl/de/policies/privacy
c) Instagram
We promote the service "Instagram" on our website. By clicking on a link to Instagram – or clicking on an Instagram button – you get to Instagram where data is collected. We have no influence over the scope of the data that Instagram collects.
To find out which data is collected by Instagram, for what purpose this is done and how this data is processed and used – as well as information on your related rights and setting option to protect your privacy – please read Instagram’s data protection notice under https://help.instagram.com/155833707900388
d) Pinterest
Our website uses plug-ins from the social network Pinterest. By clicking on a link to Pinterest, or on a Pinterest button, you get to Pinterest where data is collected by Pinterest. We have no influence on the scope of the data that Pinterest collects. https://policy.pinterest.com/en/privacy-policy
e) Use of Google Maps and Google Fonts:
This portal uses Google Maps to show maps and to prepare route maps. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website you declare your consent to the collection, processing and use of automatically collected data – as well as the data you enter yourself – by Google, one of its representatives or a third party provider. The terms of use for Google Maps can be found under Google Maps’ Terms of Service. Extensive details can be found in the Data Protection Center of google.de: Transparency and options as well as data protection regulations.
Accessing our website also entails the loading of so-called "Google fonts" by the Google servers to present our website text, provided that this font is not already in your browser cache. Google is responsible for the processing of your data, which is sent when your browser sends a request to the server. Information concerning Google fonts can be found here; Google’s Data Protection Policy can be accessed here.
13. Rights of the data subject
You have the right:
- to demand information about your personal data processed by us pursuant to Article 15 of the GDPR. In particular, you have the right to information concerning the purposes of this processing , the category of personal data processed, the category of recipients to whom your data has – or will be – disclosed, the intended storage duration, the existence of a right to correct, delete or limit the processing and also to object to processing. Furthermore, you have to right to lodge a complaint, to demand information on the source of your data, provided that it was not collected by us, and to demand information on the existence of automated decision-making, including profiling and, as the case may be, to be given any significant information regarding the details;
- pursuant to Article16 GDPR, to demand the correction or completion of any personal data stored with us;
- pursuant to Article 17 GDPR, to demand the deletion of personal data stored by us insofar as processing the data in question is not required to exercise the right to free expression of opinion and information, to meet a legal requirement, for public interest purposes or to assert, exercise or defend legal claims;
- pursuant to Article 18 GDPR, to request a limitation of the processing of your personal data insofar as you contest its correctness, or its processing is unlawful but you don’t want to have the data deleted. Here we would no longer require this data though you need it for the purpose of asserting, exercising or defending legal claims or you, pursuant to Article 21 GDPR, have objected to the processing of said data;
- pursuant to Article 20 GDPR, to demand that the personal data you have provided be made available to you in a structured, standard, machine-processable format or to demand its transmitting to another responsible person;
- pursuant to Article 7(3) GDPR, to revoke your consent for us to use your personal data at any time. In this case, we must discontinue processing this data and;
- pursuant to Article 77 GDPR, to lodge a complaint with a supervisor authority. In general, this can be done at a supervisory authority at your usual place of residence or workplace or you can contact our company seat.
14. Right of Objection
Insofar you your personal data is processed for legitimate interests in accordance with Article 6(1)(f) of the GDPR, you have the right – in accordance with Article 21 – to object to your personal data’s processing provided that there are reasons arising from your particular situation for this or in case you object to direct advertising. In the latter case, you have a general right of objection that we must implement without being given information regarding the particular situation. If you wish to exercise your right of revocation or objection simply send an email to: info@de.tretford.eu
15. Data Security
We use the Secure Socket Layer (SSL) protocol – in conjunction with the highest level of encryption that your browser supports – in connection with your visit to our website. Generally, this will be a 256- bit encryption. In case your browser cannot support 256-bit encryption, we will draw on the 128-bit v3 technology instead. Whether an individual page of our website is transmitted encrypted is something that you can recognize by the closed representation of the key or lock symbols in your browser’s bottom status bar.
Appropriate and organizational security measures are used, by the way, to protect your data against random or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in step with technological advancements.
16. Topicality and modifications to this data protection notice
This data protection notice is currently valid and was last updated in May 2018.
The evolution of our website and its offers – or modifications that become necessary owing to changed statutory requirements or government standards, may make it necessary to update this data protection statement. The most up-to-date data protection notice can be accessed on our website at any time under the following link: