The protection of your privacy when using our website is particularly important to us. In the following, we therefore inform you about the collection of anonymous and personal data.
Provider / responsible party in terms of data protection
This website is a service of
HOCO ONLINE GmbH
Pankstr. 8 D
Managing directors: Daniel Bohne, Sven Mack
Telephone: +49 30 959981143
Fax: +49 30 959981140
Registered in the Commercial Register of the Charlottenburg District Court under HRB 175642B
Data protection officer
ecolaw.de Company for Data Security & Data Protection mbH
Roseggerstraße 1, D-38440 Wolfsburg, Germany
represented by the managing director, Mr Florian König
Phone +49 5361 27 29 293
Fax +49 5361 27 29 296
Data protection (a) ecolaw.de
Registered in the Commercial Register of the District Court of Braunschweig under HRB 203444
Competent supervisory authority
The Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, Tel.: 030/13889-0, Fax: 030/2155050, E-Mail: email@example.com
Your personal data (e.g. title, name, address, e-mail address, telephone number, bank details, credit card number) will be processed in compliance with the relevant statutory data protection provisions, in particular REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data. April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (the General Data Protection Regulation – DSGVO), the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) and other data-related laws [e.g. the German Telemedia Act (Telemediengesetz – TMG)].
According to the DSGVO and other regulations, data processing and use is only permitted if the DSGVO or another legal regulation expressly permits it or if the data subject consents (prohibition with reservation of permission). According to these legal bases, data processing and use is only permitted in particular if
a) the data subject has given his or her consent to the processing of personal data relating to him or her for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject’s request;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
Accordingly, we only use and process your personal data within the permissible scope of contract processing or if you have given informed consent.
As a matter of principle, we do not pass on your personal data, including your address and e-mail address, to third parties. Exceptions to this are our service partners who require the transmission of data for the processing of the contractual relationship or if we have expressly pointed this out. In these cases, however, the scope of the transmitted data is always limited to the necessary minimum.
Anonymous data collection
In principle, you can visit our website without telling us who you are. We only learn the name of your internet service provider, the website from which you are visiting us and the pages of our website that you visit. This information is only analysed for statistical purposes. As an individual user, you will remain anonymous and your personal data will not be linked to any other data, unless you have expressly consented to this or one of the following cases applies.
Collection of personal data when visiting our website and using our services in general
Personal data is only collected by us if you provide it voluntarily and of your own accord. This may be the case, for example, when placing an order or executing a contract, in a survey or when registering for services for which registration with personal data is required (e.g. for orders, special promotions, competitions, newsletter dispatch or similar). In such cases, we only collect the data that we are legally authorised to collect and that is absolutely necessary for the performance of the services you have requested (e.g. in the case of orders, this would generally be your name, address, telephone number and e-mail address; in the case of registration for the newsletter, for example, only your e-mail address). If we collect personal data from you (e.g. via a contact or order form), you only ever have to provide the required data. The mandatory data fields are marked with an asterisk. All additional data you provide is purely voluntary and does not have to be disclosed by you. If you nevertheless provide this data, then by disclosing it you give us your consent that we may also store and process this data of yours for the purpose stated in each case; in some cases we also request your express consent for purposes under data protection law that require express consent, which you can of course give voluntarily, is not tied to any further requirements and can be revoked at any time for the future.
For the highest possible security of your data, it is transmitted in encrypted form using SSL encryption. This is to prevent misuse of the data by third parties. Your data will only be stored and processed by us on servers within the European Union. As a matter of principle, data is not transferred to third countries unless we are entitled and/or obliged to do so by law or you have given your express prior consent. However, these cases are then also clearly marked in each case.
Data processing for contract fulfilment
Purpose of processing
Within the framework of our ordering process, for example, you provide us with your personal data. The mandatory data marked with an “asterisk” in this context is personal data that is required for the conclusion of a contract with us. Of course, you are not obliged to provide your personal data. However, we cannot provide the service requested by you (e.g. contract fulfilment) without your communication of the required data (e.g. your address in the case of an order). In the case of some payment procedures, we require the necessary payment data in order to pass them on to a payment service provider commissioned by us. The processing of your data entered in the ordering process is therefore always for the purpose of fulfilling the contract.
The legal basis for this processing is Art. 6 para. 1 b) DSGVO.
Payment service providers, shipping service providers, if applicable merchandise management system, if applicable suppliers (dropshipping).
We store the data required to process the contract until the expiry of the statutory warranty and, if applicable, contractual guarantee periods.
We store the data required by commercial and tax law for the periods specified by law, regularly ten years (cf. § 257 HGB, § 147 AO).
E-mail addresses that we receive solely for the purpose of sending newsletters are deleted immediately as soon as you unsubscribe from the newsletter.
Data protection consent
By registering for our newsletter registration, customer account registration and ordering services, you consent to the following
- we may use your personal data, namely title, first name, last name, address, country, e-mail as well as
- IP address
- Location (geographical characteristics)
are collected and processed for the following purposes:
- Orders and order processing
- Shipping notifications
- Newsletter (marketing purposes)
Google’s basic statements on data protection for the Analytics analysis service can be found here https://www.google.com/analytics/learn/privacy.html?hl=de.
Google Analytics advertising functions
We use the advertising functions of Google Analytics. Here, in addition to the data collected by the standard implementation of Google Analytics, Google Analytics collects further data on accesses via Google cookies for ad specifications and anonymous identifiers. This includes in particular the following functions:
We use the following Google Analytics advertising features: Re-Marketing with Google Analytics.
We use the Google Analytics cookies for advertising purposes as follows: For targeting advertising preferences.
You can disable the Google Analytics advertising features we use as follows:
Adwords conversion pixel
We use so-called Adwords conversion pixels to recognise your user behaviour. Conversion tracking is a free tool that allows us to record what happens after a user clicks on our ad. This could be, for example, buying a product, signing up for a newsletter, calling your business or downloading your app. Here, your IP address may be transmitted to the respective service. You can find more detailed information here: https://support.google.com/adwords/answer/1722022?hl=de&ref_topic=3119146
Facebook conversion pixel
To recognise your user behaviour, we use so-called “visitor action pixels”. Conversion measurement allows us to track across devices (including mobile phones, tablets and desktop computers) what actions people take after seeing our Facebook ads. By creating a Facebook pixel and adding it to our pages where conversions are made (e.g. the purchase confirmation page), we can identify which people make conversions as a result of our Facebook ads. The pixel further monitors the actions that people take after clicking on our ads. Here, we can identify on which device our customers saw the ad and on which devices they ultimately made the conversion.
CONSENT to conversion measurement with Facebook’s visitor action pixel.
Use of Facebook and Google+ plugins
So-called social plugins (“plugins”) of the social networks Facebook and Google+ are used on our website. These services are offered by the companies Facebook Inc. and Google Inc. (“providers”). Facebook is operated by Facebook Inc.,1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
An overview of the plugins and their appearance can be found here: http://developers.facebook.com/plugins or https://developers.google.com/+/plugins.
When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Google or Facebook servers. The content of the plugin is transmitted directly to your browser by the respective provider and integrated into the page. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the corresponding social network or are not currently logged in.
This information (including your IP address) is transmitted by your browser directly to a server of the respective provider in the USA and stored there. If you are logged into one of the social networks, the providers can directly assign your visit to our website to your profile on Facebook or Google+. If you interact with the plugins, for example by clicking the “Like” button or the “+1” button, the corresponding information is also transmitted directly to a server of the providers and stored there. The information is also published in the social network and displayed there to your contacts. The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights in this regard and setting options for protecting your privacy can be found in the data protection information of the providers. Data protection information from Facebook: http://www.facebook.com/policy.php Data protection information from Google: http://www.google.com/intl/de/+/policy/+1button.html
If you do not want Google or Facebook to directly assign the data collected via our website to your profile in the respective social network, you must log out of the corresponding network before visiting our website.
You can also completely prevent the loading of the plugins with add-ons for your browser, e.g. with the script blocker “NoScript”(http://noscript.net/).
Integration of third-party services and content
It may happen that third-party content, such as videos from YouTube, maps from Google Maps, RSS feeds or graphics from other websites are integrated within this online offer. This always requires that the providers of this content (hereinafter referred to as “third-party providers”) are aware of the IP address of the user. Without the IP address, they could not send the content to the browser of the respective user. The IP address is therefore necessary for the display of this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence if the third-party providers store the IP address, e.g. for statistical purposes. Insofar as we are aware of this, we will inform users of this.
Revocation of your consent
If you have given us your consent under data protection law for certain data uses and/or services, you can of course revoke this consent at any time with effect for the future. To do so, simply send a message to the address given below:
HOCO ONLINE GmbH
Pankstr. 8 D
Telephone: +49 30 959981143
Fax: +49 30 959981140
Your rights as a data subject
As a data subject, you have various rights with regard to your personal data. We have taken appropriate measures here as a data controller to provide you as a data subject with all information pursuant to Articles 13 and 14 of the GDPR and all notices pursuant to Articles 15 to 22 and Article 34 of the GDPR that relate to the processing in a precise, transparent, comprehensible and easily accessible form in clear and simple language; this applies in particular to information specifically aimed at children. The information shall be provided in writing or in another form, including, where appropriate, electronically. If requested by you, the information may also be provided orally, provided that your identity as a data subject has been proven in another form.
Among other things, you naturally have the right at any time to request information in writing or electronically about the data stored about you and its origin, the recipient(s) to whom the data is disclosed and the purpose for which it is stored. In addition, you have the right to demand that incorrect data be corrected and, if the legal requirements for this are met, that your data be deleted or blocked. For this purpose, a simple message to the address given below will suffice:
HOCO ONLINE GmbH
Pankstr. 8 D
Telephone: +49 30 959981143
Fax: +49 30 959981140
Specifically, you have the following rights mentioned:
Right to confirmation and information
You can ask us to confirm whether personal data relating to you is being processed by us.
If we are processing data about you, you can ask us for information about the following:
(a) the purposes for which the personal data are processed;
b) the categories of personal data which are processed;
c) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
d) the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
e) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by us or a right to object to such processing;
f) the existence of a right of appeal to a supervisory authority;
(g) any available information on the origin of the data if the personal data are not collected from the data subject;
(h) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
Furthermore, you have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.
Right to rectification
You have a right to rectification and/or completion vis-à-vis us, insofar as the personal data processed concerning you is incorrect or incomplete. We must of course make the rectification without delay.
Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
(a) if you contest the accuracy of the personal data concerning you for a period of time which enables us to verify the accuracy of the personal data;
b) if the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
(c) if we no longer need the personal data for the purposes of the processing but you need it for the establishment, exercise or defence of legal claims; or
d) if you have objected to the processing pursuant to Article 21(1) DSGVO and it has not yet been determined whether the legitimate grounds to which we are entitled outweigh your grounds.
If the processing of personal data relating to you has been restricted, this data may – apart from being stored – only be processed by us or by authorised third parties with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, we will inform you before the restriction is lifted.
Right to erasure
a) Obligation to erase
You may request that we erase the personal data concerning you without undue delay and we are obliged to erase such data without undue delay if one of the following reasons applies:
(aa) the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
bb) You revoke your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) DSGVO and there is no other legal basis for the processing.
cc) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
dd) The personal data concerning you have been processed unlawfully.
ee) The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
ff) The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8(1) DSGVO.
b) Information to third parties
If we have made the personal data concerning you public and we are obliged to erase it pursuant to Article 17(1) DSGVO, we shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform the data controllers processing the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, that personal data.
The right to erasure shall not apply to the extent that the processing is necessary
aa) for the exercise of the right to freedom of expression and information;
bb) for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
cc) for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO;
dd) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
ee) for the assertion, exercise or defence of legal claims.
Right to information
If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients.
Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance, provided that
a) the processing is based on consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO or on a contract pursuant to Art. 6 para. 1 lit. b DSGVO and
b) the processing is carried out with the help of automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from us to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.
We will then no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.
Right to revoke your consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
a) is necessary for the conclusion or performance of a contract between you and us,
b) is permissible on the basis of legal provisions of the Union or the Member States to which we are subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests; or
c) is done with your explicit consent.
However, these decisions must not be based on special categories of personal data as defined in Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases mentioned in a.) and c.), we take appropriate measures to protect the rights and freedoms as well as your legitimate interests.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
If you have any further questions or suggestions on the subject of “data protection” with us, or if you would like information about your data or would like it corrected or deleted, please write by e-mail or letter to:
HOCO ONLINE GmbH
Pankstr. 8 D
Telephone: +49 30 959981143
Fax: +49 30 959981140
Berlin, Februay 2020