The protection of your personal rights and data is very important to us; almost as important as a decorative high-quality floor covering. Therefore, we protect your data through appropriate technical and administrative measures and take the legal regulations for data protection very seriously - especially the EU General Data Protection Regulation and the Federal Data Protection Act. Below you will find information on what data is collected in connection with your visit to our website and how it is used:
The responsible and therefore important person in charge:Schuss und Kette UG (limited liability)
Heinrich-Heine Allee 33
0211 – 8282882
1. Data saving usage of the website
First, a somewhat loose definition: According to Art. 4 DPA, "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
And then something more simple before it gets serious: Basically you can visit our website without telling us who you are. For technical reasons, your IP address is always processed when you visit a website. This is the only way the website can be delivered to your browser.
1.1 Data acquisition in server log files
When you buy something in our online shop as part of the buying and selling process, we collect the personal information you provide, such as your name, address and e-mail address. When you browse our shop, we automatically receive your computer's IP address (Internet Protocol) to provide us with information that helps us learn more about your browser and operating system.
The provider of our website automatically collects and stores information in so-called server log files, which your browser automatically sends to us. These are: the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
We carry out this data processing on the basis of our legitimate interests (Art. 6 para. 1 letter f) DS-GVO). The collection of this data serves the statistical evaluation of our Internet presence, the continuous improvement of our website, as well as to ensure IT security and protection against unauthorized use. We hold the right to subsequently check this data if we become aware of concrete indications of illegal use. This data will not be merged with other data sources.
With your permission, we can also send you emails about our shop, new products, and other updates.
If you provide us with personal information to process a transaction, verify your credit card, place an order, process a delivery or return a purchase, you consent to the collection and use of such information only for that specific reason. If we ask you for your personal data for another (secondary) reason - for example for marketing purposes - you will either be asked directly for your explicit consent, and we will offer you the opportunity to say no.
How can I withdraw my consent?
If you change your mind after you register, you can withdraw your consent to be contacted for further collection, use, or disclosure of your information at any time. Write us an e-mail in this regard: email@example.com or write us a letter:
Schuss und Kette UG (limited liability)
Heinrich-Heine Allee 33
1.3 Age of consent
By using this website you declare that you are at least of legal age in your country of origin, state, or province of residence, or that you are of legal age in your country of origin, state, country, or province of residence, and you give us your consent to allow your underage relatives to use this website.
1.5 Data collection in cookies
Our website sometimes uses so-called cookies. Cookies are small text files that are either temporarily stored in the main memory of the computer ("session cookie"), or stored on the hard disk ("permanent" cookie). Cookies do not damage your computer and do not contain viruses. Cookies serve to make our service more user-friendly, effective, and safer. Perhaps that is why the name is so friendly.
The use of these cookies is technically necessary, for example to enable different language settings. However, a further data collection does not take place through this. These cookies are usually deleted as soon as you close your browser.
Here is a list of cookies that we use. We have listed them here so you can choose whether or not to accept them.
- _session_id: Allows Shopify to store information about your session (referrer, landing page, etc.)
- _shopify_visit: No data is stored. Up to only 30 minutes after the last visit. _shopify_visit-Cookies are used by our website provider's internal statistics tracker to record the number of visits.
- _shopify_uniq: No data is stored. They expire at midnight of the day following the visit. Counts the number of visits of an individual customer to our online shop.
- cart: A unique token that expires after two weeks. It stores information about the contents of your shopping cart.
- _secure_session_id: A unique token.
- sessional storefront_digest: If the shop has a password, this token is used to determine whether the current visitor has access.
- PREF: Is only available for a short time. Is determined by Google and records who visits the shop from where.
The good news is that you can set up your browser independently of our website so that you are informed about the setting of cookies and can allow cookies only in individual cases, exclude the acceptance of cookies for certain cases, or completely block, or automatically delete cookies when closing the browser. Cookies for reach measurement and advertising purposes may also be disabled on the Network Advertising Initiative's opt-out page (http://optout.networkadvertising.org/) , for example, to opt-out of the U.S. website (http://www.aboutads.info/choices), or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
However, if you disable cookies, the functionality of this website may become limited.
To protect your personal data, we take appropriate precautions and follow industry-approved methods to ensure that it is not lost, misused, accessed, disclosed, altered, or destroyed. Our site uses Secure Socket Layer Technology (SSL) encryption for reasons of security and to protect the transmission of confidential content, such as the requests you send to us as website operator. You can always recognize an encrypted connection by the fact that the address bar of your browser changes from "http://" to "https://" and by the lock symbol in your address bar. If the SSL encryption is activated, the data that you transmit to us cannot be read by third parties.
When you provide us with your credit card information, the information is encrypted using SSL technology and stored using AES-256 encryption. Although no method of transferring data over the Internet or electronic storage is 100% secure, we comply with all PCI-DSS requirements and implement additional commonly accepted industry standards.
If you contact us (by e-mail, contact form or telephone), your data will be processed for the purpose of handling the contact request and its processing, Art. 6 para. 1 lit. b) DSGVO.
This means that if personal data (such as your name, address, or e-mail address) is collected when you contact us, this is because you are interested in our products or services, for example, or have other requests. The personal data transmitted when you contact us will be stored by us. In this context, the data will not be passed on to third parties.
3.Disclosure of data to third parties and third-party providers
We only pass on your data to third parties (other persons or companies) if you give your consent, or if it is otherwise permitted by law. This may be the case, for example, if this is necessary in the context of contract preparation or for the performance of a contractual obligation, Art. 6 para. 1 lit. b) DSGVO, or if the disclosure serves our legitimate interests in accordance with Art. 6 para. 1 para. 1 lit. f) DSVGO in an economic and effective business practice.
If we involve subcontractors in the processing of your data, we will take legal precautions and appropriate technical and organizational measures to ensure that your data is protected, and that the relevant legal regulations are complied with. If we commission third parties to process data on the basis of a so-called "contract processing agreement," this is done on the basis of Art. 28 DSGVO.
If a subcontractor carries out data processing outside the European Union or the European Economic Area, the data will only be transferred there if an adequate level of data protection is ensured at the location of the data processing, and if you have expressly consented, or if any other legal permission has been granted.
Our main focus is good rugs and good service. That's why our online store uses external hosting services from Shopify Inc.. Shopify provides the online e-commerce platform that enables us to sell our products and services. Your data is stored via Shopify's data storage, databases, and the general Shopify application. Shopify stores your information on a secure server protected by a firewall.
In doing so, we or Shopify process usage, meta, and communication data of customers, interested parties, and visitors to our website on the basis of our legitimate interests in an efficient, secure, and engaging provision of our online offer in accordance with Art. 6 Para. 1 letter f DSGVO, in conjunction with Art. 28 DSGVO.
When you choose a direct payment gateway to complete your purchase, Shopify stores your credit card information. It is encrypted using the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is only stored until your purchase transaction is complete. After that, your purchase transaction information is deleted. All direct payment gateways comply with the standards set by PCI-DSS, which are administered by the PCI Security Standards Council. This is a joint initiative of companies like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure that our online store and its service providers handle credit card information securely.
4. Integration of third-party services and content
On our website, we use content or service offers from third parties on the basis of our legitimate interests within the terms of Art. 6 para. 1 lit. f) DSGVO (analysis, optimization and economic operation of our website), in order to integrate their content and services, such as fonts (hereinafter only referred to as "content"). Technically this always requires that these third party providers process your IP address. Without the IP address, the content cannot be sent to your browser. Third party providers may also use so-called pixel tags (also called "web beacons") for statistical or marketing purposes. These technologies allow these third parties to obtain information and, for example, to analyze visitor traffic on the pages of this website. Pseudonymous information may also be stored in cookies on your device. We have already explained cookies under 1.2. Moreover, the possibility that such information may be combined with information from other sources cannot be discounted.
Generally, the third parties we use will only collect, use and disclose your information to the extent necessary to enable them to provide the services they have provided to us. However, some third parties, such as payment gateways and other payment service providers, may have their own privacy policies regarding the information we are required to provide to them for your purchase-related transactions.
We encourage you to read the privacy policies of these providers so that you understand how your personal information is processed by them. In particular, keep in mind that certain providers may be located in a different jurisdiction. Therefore, if you choose to engage in a transaction involving the services of a third party provider, your information may be subject to the laws of the jurisdiction(s), in which that service provider or its facilities are located.
For example, if you are a Canadian citizen and your transaction is processed by a payment gateway located in the United States, your personal information used to complete that transaction may be subject to disclosure under U.S. law, including the Patriot Act.
If you click on links in our shop, you may be redirected from our website. We are not responsible for the privacy practices of other websites and encourage you to read their respective privacy statements.
In the following section, however, we will inform you about which contents we integrate from third parties and which data processing is associated with it:
4.1 Google Universal Analytics
Our online shop uses Google Analytics to find out who visits our website, and which pages are viewed. Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
This website uses Google Analytics exclusively with the extension "_anonymizeIp()", which ensures anonymization of the IP address by shortening it and excludes any direct personal reference. Through the extension, your IP address will be shortened by Google within member states of the European Union or in other signatory states of the European Economic Area Treaty. Only in exceptional cases will the full IP address be transferred to a server of Google LLC. in the United States and shortened there. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our lawful interest concerning the statistical analysis of user behavior for optimization and marketing purposes.
On our behalf, Google will use this information to evaluate your use of the website to compile reports on website activities and provide us with further services related to website and internet use. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google.
You can prevent the storage of cookies by adjusting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent data collection through cookies concerning to your use of the website (including your IP address) and the processing of this data by Google, by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
In the event that personal data is transferred to Google LLC., whose headquarters is in the USA, Google LLC. has is certified by the U.S.-European data protection agreement, "Privacy Shield", which guarantees compliance with the level of data protection applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list.
This website also uses Google Analytics for a cross-device analysis of visitor traffic, which is carried out via a user ID. When a page is called up for the first time, the user is assigned a unique, permanent and anonymous ID, that is set across all devices. This makes it possible to assign interaction data from different devices and from different sessions to a single user. The user ID does not contain any personal data and does not transmit such data to Google.
The collection and storage of data via the user ID can be stopped at any time for future effect. To do so, you must deactivate Google Analytics on all systems you use.You can deactivate it using a browser plugin from Google (https://tools.google.com/dlpage/gaoptout?hl=de).
Further information on Google (Universal) Analytics can be found here: https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=6010376
4.2 Google Ads Conversion-Tracking
This website uses the online advertising program "Google Ads" and, as part of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use the services of Google Ads to draw attention to our offers with the help of advertising material (so-called Google Adwords) on external websites . We can determine how successful the individual advertising measures are based on the data from the advertising campaigns. Through this, we aim to show you the advertisments that are of interest to you, to make our website and our online shop more interesting for you, and to achieve a fair calculation of the advertising costs incurred.
The conversion tracking cookie is set when a user clicks on an ad provided by Google. These cookies generally expire after 30 days and are not used for personal identification. If the user visits certain pages of this site and the cookie hasn't expired, Google and we can tell that the user clicked on the ad and was redirected to that page. Each Google Ads user will receive a different cookie. Cookies cannot be tracked across the websites of other Google Ads users. The information collected through the conversion cookie is used to compile conversion statistics for Google Ads users, who have requested conversion tracking. Clients can see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies users.
If you don't want to be part of the tracking, you can block this use by disabling the Google Conversion Tracking cookie in your web browser through "User Preferences". Once you do so, you will not be included in the conversion tracking statistics. We use Google Ads because of our legitimate interest in targeted advertising in accordance with Art. 6 para. 1 lit. f DSGVO.
When using Google Ads, personal data may also be transferred to the servers of Google LLC. in the USA. In the event that personal data is transferred to Google LLC. based in the USA, Google LLC. is certified by the U.S.-European data protection agreement, "Privacy Shield," which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list.
You can permanently disable advertisement cookies by adjusting your browser software to prevent them, or by downloading and installing the browser plug-in available under the following link: https://support.google.com/ads/answer/7395996
4.3 Facebook Custom Audience via the pixel method
This website uses the "Facebook Pixel" of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). If explicit consent is given, this allows the behavior of users to be tracked after they have seen or clicked on a Facebook advertisement. This process is used to evaluate the effectiveness of Facebook Ads for statistical and market research purposes and may help to optimize future advertising efforts.
The collected data is anonymous, so we cannot identify the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible, and Facebook can use this data for its own advertising purposes in accordance with the Facebook Data Usage Guidelines (https://www.facebook.com/about/privacy/).
You may allow Facebook and its partners to display advertisements on and off of Facebook. A cookie may be stored on your computer for this purpose. These processing operations are carried out only if you have given your express consent in accordance with Art. 6 para. 1 lit. a DSGVO. Consent to use the Facebook Pixel may only be given by users who are older than 13 years of age. If you are younger, please ask your parent or guardian for permission.Facebook Inc., with headquarters in the USA, is certified by the U.S.-European data protection agreement, "Privacy Shield," which guarantees compliance with the data protection level applicable in the EU. The current certificate can be accessed here: https://www.privacyshield.gov/list.
Our e-mail newsletters are sent via the technical service provider, The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http://www.mailchimp.com/), to whom we pass on the data you provide, when you register for the newsletter. This disclosure is made in accordance with Art. 6 Para. 1 lit. f DSGVO and serves our legitimate interest in the use of an effective, secure and user-friendly newsletter system.
Please note that your data is usually transferred to a MailChimp server in the USA and stored there. MailChimp uses this information to send and statistically evaluate the newsletter on our behalf. For evaluation purposes, the e-mails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. In this way it can be determined whether a newsletter message was opened and which links were clicked on if applicable. With the help of web beacons, Mailchimp automatically generates general anonymous statistics about the reaction to newsletter campaigns.
According our legitimate interest in the statistical evaluation of newsletter campaigns to optimize advertising communication and better focus on recipient interests, web beacons also collect and utilize the data of the respective newsletter recipient (e-mail address, time of access, IP address, browser type and operating system) in accordance with Art. 6 Para. 1 letter f DSGVO. These data allow an individual inference to the newsletter recipient and are processed by Mailchimp for the automated compilation of statistics, which show whether a certain recipient has opened a newsletter message.
If you want to deactivate the data analysis for statistical evaluation purposes, you have to cancel the newsletter subscription.
MailChimp may also use this data according to article 6 paragraph 1 lit. f DSGVO for its own legitimate interest in the design and optimization of the service, according to the needs of the customer as well as for market research purposes, for example to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to pass them on to third parties or contact them.
MailChimp is certified by the U.S.-European Privacy Agreement, "Privacy Shield," thus commits itself to comply with the EU data protection regulations. The current certificate can be accessed here: https://www.privacyshield.gov/list.
4.5 The use of Youtube-Videos
This website uses the YouTube embedding feature to display and play videos from the provider, "YouTube," which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
You have the right to object to the creation of these user profiles, and to exercise this right, you must contact YouTube. When using YouTube, personal data may also be transferred to the servers of Google LLC. in the USA.
Irrespective of any playback of the embedded videos, a connection to the Google network is established each time this website is accessed, which may trigger further data processing operations without our influence.
In the case of the transmission of personal data to Google LLC. based in the USA, Google LLC. is certified by the U.S.-European data protection agreement, "Privacy Shield," which guarantees compliance with the data protection level applicable in the EU. The current certificate can be accessed here: https://www.privacyshield.gov/list.
4.6 Google Fonts
This site uses external fonts, so-called web fonts, for the uniform display of fonts: https://www.google.com/fonts ("Google Fonts"). The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you call up a page, your browser loads the required web fonts into the browser cache in order to display texts and fonts correctly. The integration of Google Fonts is done by a server call at Google (usually in the USA). Through this, Google gets to know that our website has been accessed via your IP address. Beyond that, however, no cookie are used to save personal data. For statistical evaluation, Google only records which fonts are loaded on your browser.
The use of Google Web Fonts is to offer a uniform and attractive presentation of our online services. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
If your browser does not support Web Fonts, a default font is used by the computer.
The data processing for advertising purposes by Google can be rejected by opting out through: https://adssettings.google.de/authenticated ("Manage information that Google uses to serve ads to you").
4.7 Google Maps
We have included a link to google maps instead of our own directions. The provider is also Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. When you click on the link, your browser establishes a direct connection with the Google servers. We have no influence on this data transfer, nor do we have any influence on the extent of the data that Google may collect through this service.
4.8 Linking of our social media presence
Well, we can't deny it: We like social media too. Followers and Likes are good for our ego and help us spread our ideas and products. Anyway, we have linked our various profiles on our website. We'd really like to explain to you in detail and in an easily understandable way what this means for your data. But we just can't do it. Anyway, we have understood that Facebook could definitely read data via a Like button. That's why we don't have one. But do you really think we could explain to you what happens to your data via this link or our Facebook profile? No. Neither do we.
5. Your rights
With regard to your rights listed below, as well as any further questions about data protection at our company, you can contact us any time via the address given in the legal information.
5.1 Rights to information, blocking, and deletion
You have the right to request free-of-charge information at anytime about which personal data, such as origin, purpose and recipients, we have stored about you. You can also request the correction of incorrect data, the restriction of processing, and the deletion of your personal data.
5.2 The right to data portability
You have the right to have the data, which we process automatically on the basis of your consent or in fulfillment of a contract, handed over to you or to a third party in a standard, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done as long as it is technically feasible.
5.3 Right to withdraw your consent to data processing
You can revoke a declared consent at any time with future effect. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing that took place until the revocation remains unaffected by the revocation.
5.4 The right of complaint to the relevant supervisory authority
If you accept an unlawful data processing operation, you are free to file a complaint with the relevant supervisory authority. The responsible supervisory authority in matters of data protection law is the State Data Protection Commissioner of the federal state, in which our company is based. In our case, this is North Rhine-Westphalia. A list of the data protection commissioners and their contact details can be found under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
5.5 The right of objection
You can also object to the processing of your personal data at any time in compliance with legal requirements. The objection may specifically be made against the processing of your data for the purposes of targeted advertising.
6. The deletion of data
We delete the data we have stored as soon as they are no longer required for their intended purpose, and the deletion does not conflict with any legal storage regulations. If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is only processed for these purposes and blocked for all other purposes.
This applies, for example, to data which we have to store for reasons of commercial or tax law. According to legal requirements, this data is stored for 6 years in compliance with § 257 para. 1 HGB (account books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in compliance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant to taxation, etc.).
Questions and contact details
If you wish to access, correct, modify, or delete your personal information, make a complaint or simply request further information, simply send us an e-mail: firstname.lastname@example.org or write us a letter to:
Schuss und Kette UG (haftungsbeschränkt)
Heinrich-Heine Allee 33
Phew, you made it! This was more exhausting than vacuuming the rug.