We operate a website offering general information and the option of making contact with us. In doing so, we pay great attention to protecting your privacy. We explain below how we treat your personal data.
1. Responsible Party
The responsible party pursuant of data protection law is:
CNC Outlet Center GmbH
Telephone: +49 8142 4487200
represented by the Managing Directors, René Schmidt, Holger Kösler, Markus Braun
Company Register: Amtsgericht München HRB 202420
2. Collection and storage of personal data; types of data und purposes for which they are used
In compliance with the statutory provisions of the Federal Data Protection Act (BDSG), the General Data Protection Regulation (GDPR) and the German Teleservices Act (TMG), we only collect personal data where this is permitted under law and where you share your personal data with us voluntarily in the process of ordering goods, opening a customer account or making contact in some other way. Without your explicit consent we only use the data that you share with us to deal with your enquiries, and to fulfil and handle your order.
We do not use customer data for advertising purposes unless you have given us explicit consent to make such further use of your data.
a) When you visit our Website
When you visit our website, data are automatically sent to our website server by the browser you are using with your end device. These data are temporarily stored in what is known as a log file. The following data are collected without your involvement and are stored until they are automatically erased:
- IP address of the computer you are using
- date and time of your visit to the website
- name and URL of the file you have retrieved
- website from which you came to our website (referrer URL)
- your computer's browser type and, possibly, the operating system, as well as the name of your access provider
We process the above-mentioned data for the following purposes:
- to guarantee a smooth connection to our website
- to guarantee a smooth user experience when you visit our website
- to analyse system security and stability
- for other administrative purposes
b) When you use our newsletter
If you have subscribed to our newsletter, we store your e-mail address pursuant to Art. 6 (1) a) GDPR. Your data are erased as soon as you unsubscribe from our mailing list, save where we are required under law to retain your data. You may unsubscribe at any time, for example by using the link shown at the end of every newsletter. Alternatively, you may unsubscribe at any time by sending an e-mail to email@example.com.
c) When you contact us by e-mail
If you send us an e-mail, we will store your e-mail address and other data that you have shared with us in your message, so that we can answer your enquiry pursuant to Art. 6 (1) a) GDPR. As soon as we no longer require these data to process your enquiry, we will erase them without undue delay, unless we are required by law to retain them. We ensure that collected data are protected against unauthorised disclosure to third parties using state-of-the-art technology. Please note, however, that unencrypted e-mails that are sent via the internet are not adequately protected from being read by unauthorised third parties.
d) When you use our contact form
When you have queries of any kind, we also offer you the opportunity to communicate with us using a contact form on the website. When you use this form, you are required to provide a valid e-mail address so that we know who has sent us the query, and so that we can respond to it. Any other information you share with us is on a voluntary basis.
Data processing for the purpose of making contact with us is pursuant to Art. 6 (1) a) GDPR on the basis of your voluntary consent. The personal data that we collect when you use the contact form are automatically erased once your query has been resolved.
3. Transfer of data to third parties
Your personal data are not transferred to third parties except for the following purposes. We only transfer your personal data to third parties if:
- you have given us your explicit consent pursuant to Art. 6(1) a) GDPR
- such transfer is lawful and is necessary in order for us to perform our contract with you pursuant to Art. 6 (1) b) GDPR. Most notably, in this instance your address data will be shared with a mailing company contracted to effect delivery insofar as this is necessary for the delivery of the goods and in order to keep you informed about the delivery status of your package
- the transfer of your data is a statutory obligation pursuant to Art. 6 (1) c) GDPR.
The cookie contains information related to the respective end device being used. This information does not however allow us to identify you directly.
We furthermore place temporary cookies to optimise user-friendliness. These remain on your end device for a determined period. If you visit our website again to make use of our services, we can automatically see that you have visited us previously, and details of your input and settings, so that you do not have to enter them again.
It is necessary for us to process the data generated by the cookies for the specified purposes to pursue our legitimate interests and the interests of third parties pursuant to Art. 6 (1) f) GDPR.
Most browsers automatically accept cookies. You may however configure your browser so that no cookies are stored on your computer, or so that you are always notified before a new cookies is stored. However, if you deactivate cookies you may not be able to use all the functions of our website.
5. Analysis Tools
We use the tracking measures set out below pursuant to Art. 6 (1) f) GDPR. In applying these tracking measures we wish to ensure the needs-appropriate design and ongoing optimisation of our website. We also use tracking measures to statistically record website usage and analyse it for the purpose of optimising our service to you. These interests are legitimate pursuant to the above provision.
For details of the respective data processing purposes and data categories, please refer to the respective tracking tools.
6. Google Maps
7. Social Media Plugins
We use social plugins provided by the social networks Facebook, Instagram and Xing pursuant to Art. 6 (1) f) GDPR in order to raise the profile of our company through these networks. The underlying advertising purpose is a legitimate interest in the sense of the GDPR. The respective providers are responsible for privacy-compliant operation. These plugins are integrated into our website using a two-click method to provide our website visitors with the best possible protection.
Social media plugins from Facebook are used on our website to better personalise their use. To this end we use the “LIKE” or “SHARE” buttons. These are a service provided by Facebook.
When you visit one of our web pages containing this kind of plugin, your browser will create a direct link with Facebook’s servers. The content of the plugin is directly transmitted from Facebook to your browser and integrated by Facebook into the web page.
By integrating the plugin, Facebook obtains the information that your browser has retrieved the corresponding page of our website, even if you do not have a Facebook account or are not logged in to Facebook at that moment. These data (including your IP address) are directly transmitted from your browser to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. When you interact with plugins by, say, using the “LIKE” or “SHARE” buttons, that information is also transmitted directly to a Facebook server and stored there. This information is also published on Facebook and displayed to your Facebook friends.
Facebook may use this information for the purposes of advertising, market research and needs-appropriate design of Facebook pages. To this end, Facebook usage, interest and relationship profiles are created, for example to analyse your use of our website with regard to the ads you are shown on Facebook, to inform other Facebook users about your activities on our website, and to provide other services associated with the use of Facebook.
If you do not wish Facebook to associate data that it collects when you visit our website with your Facebook account, you must log out of Facebook before you visit our website.
Our website also uses social plugins (“plugins”) from Instagram, operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA („Instagram“).
The plugins feature an Instagram logo in the form, say, of an “Instagram camera”.
When you visit one of our web pages containing this kind of plugin, your browser will create a direct link with Instagram’s servers. The content of the plugin is directly transmitted from Instagram to your browser and integrated by Instagram into the web page. By integrating the plugin, Instagram obtains the information that your browser has retrieved the corresponding page of our website, even if you do not have an Instagram account or are not logged in to Instagram at that moment. These data (including your IP address) are directly transmitted from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. When you interact with plugins by, say, using the “Instagram” button, that information is also transmitted directly to an Instagram server and stored there.
This information is also published on your Instagram account and displayed to your contacts there.
If you do not wish Instagram to associate the data collected when you visit our website directly with your Instagram account, you must log out of Instagram before visiting our website.
The “XING Share button” is used on this website. When you visit our website, a connection to the XING SE (“XING”) servers is temporarily created allowing the XING Share button functions (and the calculation/display of counters) to be provided. XING does not store your personal data when you visit our website. Most notably, XING does not store any IP addresses. Equally, your user behaviour is not analysed via cookies when you use the XING Share button.
Current privacy information about the XING Share button and further details are available here: (https://www.xing.com/app/share?op=data_protection).
8. Embedded YouTube Videos
YouTube videos are embedded in parts of our website. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a page containing the YouTube plugin, a connection to YouTube’s servers is created, so that YouTube knows which pages you have visited. If you are logged in to your YouTube account, YouTube can associate your browsing behaviour with your personal account. You can prevent this by logging out of your YouTube account beforehand.
When you launch a YouTube video, the provider places a cookie that collects information about your user behaviour.
If you have deactivated cookies for the Google Ad programme, you will not receive any such cookies when you view YouTube videos.
However, YouTube stores non-personal usage information on other cookies. If you wish to prevent this, you must block cookies in your browser.
9. Your right as data subject
You have the right:
- pursuant to Art. 15 GDPR to request information as to whether or not we are processing personal data concerning you. You may, in particular, request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the envisaged period for which the data will be stored, the existence of a right to rectification, to erasure, to the restriction of processing, or to object to processing, to lodge a complaint, to obtain information as to the source of your data where we did not collect them from you in person, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about same;
- pursuant to Art. 16 GDPR to request the rectification or completion of any personal data we have stored about you, without undue delay;
- pursuant to Art. 17 GDPR to request the erasure of your personal data provided that their processing is not necessary to exercise the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
- pursuant to Art 18 GDPR to request the restriction of processing of your personal data where you contest the accuracy of the personal data, where processing is unlawful but you oppose the erasure of the personal data, and where we no longer need the personal data but you require them for the establishment, exercise or defence of legal claims, or where you have objected to processing pursuant to Art. 21 GPDR;
- pursuant to Art. 20 GDPR to request the personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that those data be transmitted to another data controller;
- pursuant to Art. 7 (3) GDPR to withdraw the consent you have given to us at any time. As a consequence, we will not be permitted in future to continue processing your data on the basis of that consent; and
- pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you may do so with the supervisory authority in your usual place of residence or place of work, or with our head office.
10. Right to object
You may object to the storage of your personal data at any time with future effect. You may do so by sending an e-mail to firstname.lastname@example.org. If your data have been stored for the purpose of contract performance, we will erase your data immediately after the contract has been fulfilled.
11. Data security
When you visit our website we deploy the widely-used SSL (secure socket layer) procedure in conjunction with the highest available level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v.3 technology instead. You can see whether individual pages of our website are encrypted because a lock or key symbol will display in your browser’s address bar.
We furthermore take suitable technical and organisational security measures to protect your data against accidental or wilful manipulation, against partial or complete loss, destruction or unauthorised access by third parties. Our security measures are improved on an ongoing basis in line with technological advances.
12. Questions about data protection
If you have any queries about data protection, please send us an e-mail or contact our Data Protection Officer directly:
Mr. Michael Voltz (Solicitor)