Data protection statement
Status May 2018

We are pleased about your visit on our website. We not only take the protection of your data very seriously, we even see it as a customer-oriented quality feature. Compliance with the General Data Protection Regulation (GDPR) is therefore a matter of course for us. In the following we present which data we collect, for what purposes they are used and how we protect them.

1. Who is the responsible body?

Responsible body in the sense of data protection law is

PHOS Design GmbH
Werftstraße 12
76189 Karlsruhe, Germany
Phone +49 (0) 721 530 772-0
Fax +49 (0) 721 530 772-22
E-mail: phos@phos.de

Managing partner:
Mario Erich Grundmann
Local Court Mannheim HRB 704750
VAT No.: DE 260666483

A data protection officer has been appointed:
Mr. Sebastian Kusenbach
Werftstraße 12
76189 Karlsruhe, Germany
Phone: +49 (0) 721 530 772-18
E-Mail: datenschutz@phos.de

2. When and for what purpose is data collected?

When visiting our website

Every time you visit our website, server log file information that your browser transmits to us is automatically recorded. These are:

  1. IP address (Internet Protocol address) of the accessing computer
  2. The website from which you are visiting us (referrer)
  3. The web page which you visit with us
  4. The date, time and duration of the visit
  5. Browser type
  6. Operating system
  7. Host name of the accessing computer

These data are not combined with other data sources.

The basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

This data is anonymized and cannot be assigned to a specific person.


We use this technical access information exclusively for the following purposes:

  1. to improve the attractiveness and usability of our websites
  2. to detect technical problems on our website at an early stage
  3. to deliver the contents of our website correctly
  4. and to protect law enforcement authorities in the event of a cyber attack, which is intended to provide the necessary information for law enforcement.

This data is stored for a maximum of 7 days as a technical precaution to protect the data processing systems against unauthorized access.

We would like to point out that data transmission over the Internet (e.g. communication by E-Mail) can have security gaps. A complete protection of data against access by third parties is not possible.

Further data collection is explained in points 4 and 5.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Phone

If you contact us by telephone, only the date and time of the call, the telephone number, if this is not suppressed and the duration of the telephone call are stored by our telephone software. If you inform an employee of further data, it will be stored in our ERP system in order to be able to fulfil the services you require.

Telefax

If you send us a fax, only your fax number, the date and time of arrival are stored in our telephone software. If you inform an employee of further data, it will be stored in our ERP system in order to be able to fulfil the services you require.

E-Mail

If you send us an e-mail, we will collect the following data:

  1. your E-Mail address,
  2. Possibly visible further e-mail addresses (carbon copy)
  3. The date and time of receipt of the e-mail
  4. Subject
  5. E-Mail text
  6. Possibly attached files
  7. If you provide us with further data, these will be stored in our ERP system in

    order to be able to fulfil the services requested by you.

Website contact form

If you send us a message via the contact form on our homepage, we will collect the following data:

  1. The selection of the checkboxes (message / feedback, offer or order)
  2. The filled out contact fields
  3. Text of the message
  4. The date and time of receipt of the message
  5. Browser type
  6. Operating system
  7. If you provide us with further data, these will be stored in our ERP system in

    order to be able to fulfil the services requested by you.

Subscribe to our newsletter

If you register on our homepage to receive our newsletter, the following data will be collected:

  1. The filled out contact fields
  2. The date and time of receipt of the message

Visit to a shop or trade fair stand

If you visit us in our shop or at an exhibition stand, we collect the following data:

  1. The contact details you provide; verbally or in writing
  2. Date of contact
  3. If you provide us with further data, these will be stored in our ERP system in

    order to be able to fulfil the services requested by you.

Postal

If you send us your request by post, we will collect the following data:

  1. Sender address
  2. Contact person, if necessary
  3. The letter or the package itself
  4. If you provide us with further data, these will be stored in our ERP system in

    order to be able to fulfil the services you require.

3. What personal data is passed on?

We will only use your personal data for the purposes stated in this privacy policy.

Data transfer for contract fulfilment

For the fulfilment of the contract we pass on your data to the shipping company commissioned with the delivery, as far as this is necessary for the delivery of ordered goods.

Depending on which payment service provider you select in the order process, we pass on the payment data collected for the processing of payments to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service.

Some of the selected payment service providers also collect this data themselves if you have created an account there. In this case, you must log in to the payment service provider with your access data during the ordering process.

The data protection declaration of the respective payment service provider applies in this respect.

4. What are cookies used for?

Cookies serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your computer and do not contain any viruses.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your terminal until you delete them. These cookies enable us to recognize your browser the next time you visit our website.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this website may be limited.

Cookies, which are necessary to carry out the electronic communication process or to provide certain functions desired by you (e.g. shopping basket function), are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for technically error-free and optimized provision of his services. As far as other cookies (e.g. cookies for the analysis of your surfing behaviour) are stored, these will be treated separately in this data protection declaration.

5.Use and application of tracking, analysis tools and social plugins

5.1 Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

The storage of Google Analytics Cookies takes place on basis of art. 6 exp. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both his website and his advertising.

IP anonymization

We have activated the IP anonymisation function on this website. This will cause your IP address to be cut by Google within Member States of the European Union or in other countries party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Objection to data collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set which prevents the collection of your data on future visits to this website: Disable Google Analytics.

More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Contract data processing

We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the German data protection authorities for the use of Google Analytics.

Demographic features on Google Analytics

This website uses the "demographic features" function of Google Analytics. This allows reports to be created that contain information on the age, gender and interests of site visitors. This data comes from interest-related advertising by Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described under "Objection to data collection".

5.2 Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising program of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").

In the context of Google AdWords we use the so-called conversion tracking. When you click on an ad served by Google, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser places on the user's computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user has clicked on the ad and has been redirected to this page.

Each Google AdWords customer receives a different cookie. Cookies cannot be tracked through the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that personally identifies users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie via your Internet browser under User Settings. They are then not included in the conversion tracking statistics.

Conversion cookies" are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both his website and his advertising.

For more information about Google AdWords and Google Conversion Tracking, please see Google's privacy policy: https://policies.google.com/privacy?hl=en.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this website may be limited.

5.3 Sharing content Facebook, Google+1, Twitter & Co.

The content on our pages can be shared on social networks such as Facebook, Twitter or Google+ in accordance with data protection regulations.

Our users can share the contents of this site in social networks in compliance with data protection regulations without complete surfing profiles being created by the network operators.

Facebook plugins (Like & Share button)

Our pages include plugins from the social network Facebook, provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize the Facebook plugins by the Facebook logo or the "Like" button on our page. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.

When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the contents of our pages on your Facebook profile. This allows Facebook to associate the visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or of their use by Facebook. For more information, please see Facebook's Privacy Policy at: https://facebook.com/policy.php.

If you do not want Facebook to associate your visit to our pages with your Facebook account, please log out of your Facebook account.

Twitter plugin

Our pages include functions of the Twitter service. These functions are provided by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter. We would like to point out that, as the provider of the pages, we are not aware of the content of the data transmitted or how it is used by Twitter. For more information, please see Twitter's privacy policy at: https://twitter.com/privacy.

You can change your Twitter privacy settings in your account settings at https://twitter.com/account/settings

Google+ plugin

Our pages use functions of Google+. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Collection and disclosure of information: Use the Google+ button to publish information worldwide. The Google+ button gives you and other users personalized content from Google and our partners. Google stores both the information that you have given +1 for a content and information about the page that you viewed when you clicked +1. Your +1 can appear in Google services, such as search results or your Google profile, or elsewhere on websites and ads, along with your profile name and photo.

Google records information about your +1 activity to improve Google services for you and others. To use the Google+ button, you need a public Google profile that is visible worldwide and must contain at least the name chosen for the profile. This name is used in all Google services. In some cases, this name may also replace another name you used when sharing content through your Google Account. The identity of your Google profile may be displayed to users who know your email address or have other identifying information about you.

Use of Information Collected: In addition to the purposes explained above, the information you provide will be used in accordance with the applicable Google data protection regulations. Google may publish aggregated statistics about users' +1 activity or share them with users and partners, such as publishers, advertisers or related websites.

Instagram Plugin

Our pages include functions of the Instagram service. These functions are provided by Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA.

If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that, as the provider of these pages, we are not aware of the content of the data transmitted or how Instagram uses it.

For more information, please see Instagram's privacy policy: https://instagram.com/about/legal/privacy/.

Pinterest Plugin

On our site we use social plugins of the social network Pinterest, which is operated by Pinterest Inc. 808 Brannan Street, San Francisco, CA 94103-490, USA ("Pinterest").

When you access a page that contains such a plugin, your browser establishes a direct connection to Pinterest's servers. The plugin transfers protocol data to Pinterest's server in the USA. This log information may include your IP address, the address of the sites you visit, which may also include pinterest features, the type and settings of your browser, the date and time of your request, your use of Pinterest, and cookies.

For more information about Pinterest's purpose, scope and further processing and use of the data and your rights and means of protecting your privacy, please see Pinterest's privacy policy: https://policy.pinterest.com/en/privacy-policy.

YouTube

Our website uses plugins from Google's YouTube site. This website is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.

If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

For more information on how we handle user data, please see YouTube's privacy policy at: https://policies.google.com/privacy?hl=en.

Google Web Fonts

This site uses so-called web fonts provided by Google to uniformly display fonts. When you call up a page, your browser loads the required Web fonts into your browser cache to display texts and fonts correctly.

To do this, the browser you are using must connect to Google's servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

If your browser does not support web fonts, a default font is used by your computer.

Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.

Google Maps

This page uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

The use of Google Maps is in the interest of an appealing representation of our online offers and at an easy findability of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

You can find more information on the handling of user data in Google's data protection declaration: https://policies.google.com/privacy?hl=en.

6. Deletion, blocking and duration of the storage of personal data

We process and store your personal data only for the period of time required to achieve the respective storage purpose or as provided for by law.

After discontinuation of a storage purpose or after expiry of the storage period provided for by law, the personal data are routinely blocked or deleted for further processing in accordance with the statutory provisions.

7. data protection rights of the data subject

If you have any questions about your personal data, you can contact us in writing at any time. You have the following rights under DS-GMO:

7.1 The right to information (subitem Art. 15 GDPR)

You have the right at any time to receive information about which categories and information about your personal data are processed by us for which purpose and how long and according to which criteria these data are stored and whether an automated decision making including profiling is applied in this context. You also have the right to know which recipients or categories of recipients your data have been or are still being disclosed, in particular recipients in third countries or international organisations. In this case you also have the right to be informed about appropriate guarantees in connection with the transmission of your personal data.

In addition to the right of appeal to the supervisory authority and the right to information about the origin of your data, you have the right to have your personal data deleted, corrected and limited or to object to the processing of your personal data.

In all the above cases, you have the right to request a free copy of your personal data processed by us from the data processor. We are entitled to charge an appropriate administration fee for all further copies that you request or that go beyond the data subject's right to information.

7.2 The right to correction (Art. 16 GDPR)

You have the right to request the immediate correction of your incorrect personal data and, taking into account the purposes of the processing, to request the completion of incomplete personal data also by means of a supplementary declaration.

If you wish to exercise your right of correction, you can contact our data protection officer at any time.

7.3 The right to cancellation (Art. 17 GDPR)

You have the right to demand the immediate deletion of your data ("right to be forgotten") especially if the storage of the data is no longer necessary, if you revoke your consent to data processing, if your data were processed unlawfully or were collected unlawfully and if there is a legal obligation to delete under EU or national law.

However, the right to oblivion shall not apply if there is a predominant right to freedom of expression or information, if data storage is necessary for the fulfilment of a legal obligation (e.g. storage obligations), if archiving purposes prevent deletion or if storage serves to assert, exercise or defend legal claims.

7.4 The right to restriction (Art. 18 GDPR)

You have the right to request that the controller restrict the processing of your data if you dispute the accuracy of the data, if the processing is unlawful, if you refuse to delete your personal data and instead request that processing be restricted, if the requirements for the purpose of processing cease to apply or if you have objected to the processing in accordance with Article 21(1), as long as it is not yet clear whether there are any legitimate reasons on our part which outweigh yours.

7.5 The right to data transferability (Art. 20 GDPR)

You have the right to the transferability of your personal data, which you have provided to our company in the form of a standard format, so that you can have your personal data forwarded to another person in charge without hindrance, provided, for example, that you have given your consent and the processing is carried out using an automated procedure.

7.6 The right of objection (Art. 21 GDPR)

You have the right to object at any time to the collection, processing or use of your personal data for the purposes of direct advertising or market and opinion research as well as general business data processing, unless we can prove compelling reasons worthy of protection for processing which outweigh your interests, rights and freedoms.

Furthermore, you cannot exercise your right of objection if a legal provision provides for the collection, processing or use of the data or obliges the collection, processing or use.

7.7 Right of appeal to the data protection supervisory authority (Art. 77 GDPR)

You are granted the right to complain to the competent supervisory authority if you believe there has been an infringement in the processing of your personal data. The contact details of the State Commissioner for Data Protection and Freedom of Information can be found under the following link:

Transcript: Raceman Synchro: Travis www.bfdi.bund.de/SharedDocs/Adressen/LfD/BadenWuerttemberg.html?nn

7.8 Right to revoke consent under data protection law (Art. 7 para. 3 GDPR)

You can revoke your consent to the processing of your personal data at any time and without giving reasons. This also applies to the revocation of declarations of consent given to us prior to the entry into force of the EU Data Protection Basic Regulation.

8. Legal basis of the processing

In the processing of personal data for which we obtain the consent of the data subject, Art. 6 Para. 1, Sentence 1 a) of the Basic Data Protection Ordinance (GDPR) serves as the legal basis.

In the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6, paragraph 1, sentence 1 b) (GDPR) serves as the legal basis. This regulation also covers processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1, sentence 1 c) (GDPR) serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 sentence 1 f) (GDPR) serves as the legal basis for processing. The legitimate interest of our company lies in the performance of our business activities and in the analysis, optimization and maintenance of the security of our online offer.

9. Transmission of data to third parties

We generally do not sell or rent user data. A transmission to third parties beyond the scope described in this data protection declaration only takes place if this is necessary for the processing of the respective requested service.

We only transfer data if there is a legal obligation to do so. This is the case if state institutions (e.g. law enforcement authorities) request information in writing or a court order is available.

A transfer of personal data to so-called third countries outside the EU/EEA area does not take place.

10. Legal or contractual regulations for the provision of personal data and possible consequences of failure to provide such data

We hereby point out that in certain cases (e.g. tax regulations) the provision of personal data is prescribed by law or may result from contractual

(e.g. information on the contractual partner). For example, for a contract to be concluded, it may be necessary for the person/contractual partner concerned to make his/her personal data available so that we can process his/her request (e.g. order) at all. There is an obligation to provide personal data, especially when concluding contracts. If in this case no personal data are provided, the contract cannot be concluded with the person concerned. Before the data subject provides personal data, the data subject may contact our data protection officer or the data controller. The data protection officer or the controller shall then inform the data subject whether the provision of the personal data required is required by law or by contract or is necessary for the conclusion of the contract and whether the data subject's concerns give rise to an obligation to provide the personal data or what consequences the failure to provide the data requested will have for the data subject.

11. Existence of automated decision making

As a responsible company, we do without automatic decision-making or profiling in our business relationships.