Privacy Policy

We are delighted that you have visited our website. We not only take the protection of your data very seriously, we also see it as a customer-oriented quality feature. Compliance with the General Data Protection Regulation (GDPR) is therefore a matter of course for us. In the following, we explain what data we collect, for what purposes it is used and how we protect it.

1. Who is the controller?

The controller within the meaning of data protection law is

PHOS Design GmbH
Werftstraße 12
76189 Karlsruhe
Tel. +49 (0) 721 530 772-0
Fax +49 (0) 721 530 772-22
Email: phos@phos.de

Managing partner:
Mario Erich Grundmann

Amtsgericht Mannheim HRB 704750
VAT no.: DE 260666483

The data protection officer is:
Mr Sebastian Kusenbach
Werftstraße 12
76189 Karlsruhe
Phone: +49 (0) 721 530 772-18
Email: datenschutz@phos.de

2. When and for what purpose is data collected?

When you visit our website

Every time you visit our website, server log file information that your browser transmits to us is automatically collected. This is:

  • IP address (Internet Protocol address) of the accessing computer
  • The website from which you visit us (referrer)
  • The website you visit on our site
  • The date, time and duration of the visit
  • Browser type
  • Operating system
  • Host name of the accessing computer

This data is not merged with other data sources.
The basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
These data are anonymised and can therefore not be assigned to a specific person.
We use this technical access information exclusively for the following purposes:

  • To improve the attractiveness and usability of our website
  • To recognise technical problems on our website at an early stage
  • To deliver the content of our website correctly
  • To provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

This data is stored for a maximum of 7 days as a technical precaution to protect the data processing systems against unauthorised access.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Further data collection is explained in points 4 and 5.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Phone

If you contact us by telephone, only the date and time of the call, the telephone number, if this is not suppressed, and the duration of the telephone call are stored by our telephone software. If you provide an employee with further data, this will be stored in our ERP system in order to fulfil the services you have requested.

Fax

If you send us a fax, only your fax number, the date and time of receipt will be stored in our telephone software. If you provide an employee with further data, this will be stored in our ERP system in order to fulfil the services you have requested.

E-mail
If you send us an e-mail, we will collect the following data:

  • Your email address, any other visible email addresses (carbon copy)
  • The date and time the email was received,
  • Subject,
  • Email text,
  • any attached files

If you provide us with further data, this will be stored in our ERP system in order to fulfil the services you have requested.

Website contact form
If you send us a message via the contact form on our website, we will collect the following data:

  • The selection of the checkboxes (message / feedback, offer or order)
  • The contact fields filled in
  • Text of the message
  • The date and time the message was received
  • Browser type
  • Operating system

If you provide us with further data, this will be stored in our ERP system in order to fulfil the services you have requested.

Newsletter registration
If you register on our website to receive our newsletter, the following data is collected:

  • The contact fields filled in
  • The date and time the message was received

Visit to our shop or trade fair stand

If you visit us in our shop or at a trade fair stand, we collect the following data:

  • The contact details you provide us with, verbally or in writing
  • Date of contact


If you provide us with further data, this will be stored in our ERP system so that we can fulfil the services you have requested.

Postal
If you send us your request by post, we collect the following data:

  • Sender's address
  • Contact person, if applicable
  • The letter or parcel itself
  • The address of the sender

If you provide us with further data, this will be stored in our ERP system in order to fulfil the services you have requested.

3. What personal data is passed on?

We only use your personal data for the purposes listed in this privacy policy.

Data transfer for contract fulfilment

For contract fulfilment, we pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.

Depending on which payment service provider you select in the ordering process, we will pass on the payment data collected for the processing of payments to the credit institution commissioned with the payment and, if applicable, to the payment service provider commissioned by us or to the selected payment service.

In some cases, the selected payment service providers also collect this data themselves if you create or have created an account there. In this case, you must log in to the payment service provider with your access data during the ordering process.

In this respect, the data protection declaration of the respective payment service provider applies.

4. What are cookies used for?

Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your computer and do not contain viruses.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies to analyse your surfing behaviour) are stored, these are treated separately in this privacy policy.

5. Use and application of tracking, analysis tools and social plugins

5.1 Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable your use of the website to be analysed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

The storage of Google Analytics cookies is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

IP anonymisation

We have activated the IP anonymisation function on this website. As a result, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to data collection

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this website:
Click here to disable Google Analytics.

For more information on how Google Analytics handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Commissioned data processing

We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic features of Google Analytics
This website uses the "demographic features" function of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section "Objection to data collection".

5.2 Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising programme of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").

We use conversion tracking as part of Google AdWords. When you click on an advert placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the ad and was redirected to this page.

Each Google AdWords customer receives a different cookie. The cookies cannot be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie via your Internet browser under user settings. You will then not be included in the conversion tracking statistics.

The storage of "conversion cookies" takes place on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

For more information on Google AdWords and Google Conversion Tracking, please see Google's privacy policy: https://www.google.com/policies/privacy/.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

5.3 YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

If you are logged into your YouTube account, you allow YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further information on the handling of user data can be found in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

6.0 Data processing by social networks

We maintain publicly accessible profiles on social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Google etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers the following data protection-relevant processing operations:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.
The operators of the social media portals can use the data collected in this way to create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you within and outside of the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Controller and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing processes of the social media portals. Our options are largely based on the company policy of the respective provider.

Storage period

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.
We have no influence on the storage period of your data that is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail

Facebook

We have a profile on Facebook. The provider is Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified in accordance with the EU-US Privacy Shield.
We have concluded an agreement with Facebook on joint responsibility for the processing of data (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. You can view this agreement at the following link:
https://www.facebook.com/legal/terms/page_controller_addendum

You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads

Details can be found in Facebook's privacy policy:
https://www.facebook.com/about/privacy/

Google

We have a profile on Google . The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google is certified in accordance with the EU-US Privacy Shield:
You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in:
https://adssettings.google.com/authenticated
Details can be found in Google's privacy policy: https://policies.google.com/privacy

Twitter

We use the short message service Twitter. The provider is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter is certified in accordance with the EU-US Privacy Shield.
You can customise your Twitter privacy settings yourself in your user account. To do this, click on the following link and log in: https://twitter.com/personalisation
For details, please refer to Twitter's privacy policy: https://twitter.com/de/privacy

Instagram

We have a profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. Details on how they handle your personal data can be found in Instagram's privacy policy: https://help.instagram.com/519522125107875

Pinterest

We have a profile on Pinterest. The operator is Pinterest Inc, 808 Brannan Street San Francisco, CA 94103-490, USA (Pinterest). Details on how they handle your personal data can be found in Pinterest's privacy policy:
https://policy.pinterest.com/de/privacy-policy

XING

We have a profile on XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING's privacy policy:
https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified in accordance with the EU-US Privacy Shield. LinkedIn uses advertising cookies.

If you would like to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
For details on how they handle your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

Tumblr

We have a profile on Tumblr. The provider is Tumblr, Inc, 35 East 21st St, 10th Floor, New York, NY 10010, USA. Details on how they handle your personal data can be found in Tumblr's privacy policy: https://www.tumblr.com/privacy/de

7. Erasure, blocking and duration of storage of personal data

We process and store your personal data only for the period of time required to achieve the respective storage purpose or as provided for by the various retention periods stipulated by law.

Once a storage purpose no longer applies or after the retention period prescribed by law has expired, the personal data is routinely blocked or erased for further processing in accordance with the statutory provisions.

8. Data protection rights of the data subject

If you have any questions about your personal data, you can contact us in writing at any time. You have the following rights under the GDPR:

8.1 The right to information (subsection Art. 15 GDPR)

You have the right to obtain information at any time about which categories and information about your personal data are processed by us, for what purpose, how long and according to what criteria these data are stored and whether automated decision-making, including profiling, is used in this context. You also have the right to know which recipients or categories of recipients your data have been or will be disclosed to, in particular recipients in third countries or international organisations. In this case, you also have the right to be informed about suitable guarantees in connection with the transfer of your personal data.

In addition to the right to lodge a complaint with the supervisory authority and the right to information about the origin of your data, you have the right to erasure, rectification and the right to restrict or object to the processing of your personal data.

In all of the above cases, you have the right to request a copy of your personal data processed by us from the data processor free of charge. For all further copies that you request or that go beyond the data subject's right to information, we are entitled to charge a reasonable administrative fee.

8.2 The right to rectification (Art. 16 GDPR)

You have the right to request the immediate rectification of your incorrect personal data and, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.

If you wish to exercise the right to rectification, you can contact our data protection officer at any time.

8.3 The right to erasure (Art. 17 GDPR)

You have the right to demand the immediate erasure of your data ("right to be forgotten"), in particular if the storage of the data is no longer necessary, you withdraw your consent to data processing, your data has been processed unlawfully or has been collected unlawfully and there is a legal obligation to erase it under EU or national law.

However, the right to be forgotten does not apply if there is an overriding right to freedom of expression or freedom of information, the data storage is necessary for compliance with a legal obligation (e.g. retention obligations), archiving purposes preclude erasure or the storage serves the establishment, exercise or defence of legal claims.

8.4 The right to restriction (Art. 18 GDPR)

You have the right to obtain restriction of processing of your data by the controller where the accuracy of the data is contested by you, the processing is unlawful, you oppose the erasure of your personal data and request the restriction of their processing instead, if the necessity for the processing purpose no longer applies or if you have objected to processing pursuant to Article 21(1) pending the verification whether our legitimate grounds override yours.

8.5 The right to data portability (Art. 20 GDPR)

You have the right to the portability of your personal data, which you have provided to our company in a commonly used format, so that you can have your personal data transmitted to another controller without hindrance, provided that, for example, you have given your consent and the processing is carried out by automated means.


8.6 The right to object (Art. 21 GDPR)

You have the right to object at any time to the collection, processing or use of your personal data for the purposes of direct marketing or market and opinion research as well as general commercial data processing, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.

In addition, you cannot exercise your right to object if a legal provision provides for the collection, processing or use of the data or obliges the collection, processing or use.

8.7 Right to lodge a complaint with the data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG)
You have the right to lodge a complaint with the competent supervisory authority if you believe that there has been an infringement in the processing of your personal data. The contact details of the State Commissioner for Data Protection and Freedom of Information can be found at the following link https://www.bfdi.bund.de/SharedDocs/Adressen/LfD/BadenWuerttemberg.html?nn=5217144

8.8 Right to withdraw consent under data protection law (Art. 7 para. 3 GDPR)

You can withdraw your consent to the processing of your personal data at any time and without giving reasons. This also applies to the revocation of declarations of consent that were given to us before the EU General Data Protection Regulation came into force.

9. Legal basis for processing

When processing personal data for which we obtain the consent of the data subject, Art. 6 para. 1, sentence 1 a) of the General Data Protection Regulation (GDPR) serves as the legal basis.

Art. 6 para. 1, sentence 1 b) (GDPR) serves as the legal basis for the processing of personal data required for the fulfilment of a contract to which the data subject is a party. This provision also includes processing operations that are necessary for the performance of pre-contractual measures.

If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 c) (GDPR) serves as the legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6 para. 1 sentence 1 f) (GDPR) serves as the legal basis for the processing. The legitimate interest of our company lies in the performance of our business activities and in the analysis, optimisation and maintenance of the security of our online offering.

10. Transfer of data to third parties

We generally do not sell or lend user data. Data will only be transferred to third parties beyond the scope described in this privacy policy if this is necessary for the processing of the respective requested service.

We only transfer data if there is a legal obligation to do so. This is the case if state institutions (e.g. law enforcement agencies) request information in writing or if a court order has been issued.

We do not transfer personal data to so-called third countries outside the EU/EEA.

11. Legal or contractual regulations for the provision of personal data and possible consequences of non-provision


We would like to point out that the provision of personal data is required by law in certain cases (e.g. tax regulations) or may result from contractual regulations (e.g. information on the contractual partner). For example, it may be necessary for the conclusion of a contract that the data subject/contractual partner must provide their personal data so that their request (e.g. order) can be processed by us in the first place. An obligation to provide personal data arises above all when concluding a contract. If no personal data is provided in this case, the contract cannot be concluded with the data subject. Before personal data is provided by the data subject, the data subject can contact our data protection officer or the data controller. The data protection officer or the controller will then clarify to the data subject whether the provision of the required personal data is required by law or contract or is necessary for the conclusion of the contract and whether there is an obligation to provide the personal data arising from the data subject's concerns or the consequences for the data subject of not providing the requested data.

12. Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling in our business relationships.