Kitchenfamily: Data protection

1. Introduction

The following information is intended to provide you, as the ‘data subject’, with an overview of the processing of your personal data by us, and of your rights under data protection legislation. In principle, it is not necessary to enter personal data in order to use our website. The use of certain services of our company via our website may require the processing of personal data. If the processing of personal data is necessary and if there is no legal basis for such processing, we will generally ask for your consent.

The processing of personal data, for example your name, address or e-mail address, always takes place in accordance with the General Data Protection Regulation (GDPR) and the data protection provisions applicable to Möbel Logistik Löhne GmbH & Co. KG. This privacy statement informs you about the scope and purpose of the collection, use and processing of your personal data by us.

As the data controller, we have implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed through this website. However, security breaches can occur when transmitting data over the internet, so it is not possible to guarantee complete protection. For this reason, you can send us your personal data by other means, for example by telephone or post.

2. Controller

The controller within the meaning of the GDPR is:

Möbel Logistik Löhne GmbH & Co. KG

Im Niedernbrock 50, D-32584 Löhne

Telephone: +49 5732 98177-411

Email: info@ml-loehne.de

3. Data Protection Officer

You can contact the Data Protection Officer by the following means:

Telephone: +49 5221 87292-11

Fax: +49 5221 87292-49

Email: datenschutz@ml-loehne.de

You can address all your questions and suggestions regarding data protection directly to our data protection officer at any time.

4. Definition of terms
The privacy statement is based on terms used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy statement should be easy to read and understand, not only for the public but also for our customers and business partners. To ensure this, we would first like to define the terms used.

Among others, we use the following terms in this privacy statement:

1. Personal data

Personal data is any information relating to an identified or identifiable natural person. An ‘identifiable natural person’ is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Data subject

A data subject is an identified or identifiable natural person whose personal data is processed by the data controller (our company).

3. Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

5. Profiling

Profiling consists of any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

6. Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data is not attributed to an identified or identifiable natural person.

7. Processor

The processor is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

8. Recipient

The recipient is the natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

9. Third parties

A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.

10. Consent

The consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Legal basis for the processing

Art. 6 para. 1 lit. a GDPR (in conjunction with § 15 para. 3 of the German Telemedia Act TMG) serves as the legal basis for our company in the context of processing activities for which we request consent for a specific processing purpose.

If the processing of personal data is necessary for the fulfilment of a contract to which you are a contracting party, as is the case, for example, with processing activities necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 para. 1 lit. b GDPR. The same applies to processing activities necessary for the execution of pre-contractual measures, for example in the case of requests relating to our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Article 6(1)(c) of the GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were to be injured on our company's premises, in which case his or her name, age, health insurance details or other vital information would have to be passed on to a doctor, hospital or other third party. In this case, the processing is based on Art. 6(1)(d) GDPR.

Finally, the processing operations could be based on Art. 6(1)(f) GDPR. This legal basis forms the basis for processing activities not covered by the aforementioned legal bases, where the processing is necessary to safeguard a legitimate interest of our company or of a third party, provided the interests, fundamental rights and fundamental freedoms of the data subject do not prevail. In particular, such processing activities are permitted to us because they have been specifically mentioned by the European legislator. On this point, it is of the opinion that a legitimate interest could exist if you are a customer of our company (recital 47, sentence 2 of the GDPR).

6. Transfer of data to a third party

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only transfer your personal data to a third party in the following cases:

You have explicitly given your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR,
the transfer in accordance with Art. 6 para. 1 p. 1 lit. f GDPR is permitted to preserve our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the non-transfer of your data,
in the event that a legal obligation exists for the transfer according to art. 6 para. 1 p. 1 lit. c GDPR, and
when this action is legally permitted and necessary for the conduct of contractual relations with you according to art. 6 para. 1 p. 1 lit. b GDPR.

We have entered into a data processing agreement with a subcontractor based on standard contractual clauses established by the European Commission in order to protect your data and, where applicable, to enable the transfer of data to a third country (outside the EU/EEA). These provisions can be accessed on the European Commission's website (https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=celex%3A32010D0087).

7. Technology

7.1 SSL/TLS encryption

This page aims to guarantee the security of data processing and to protect the transmission of confidential content such as orders, connection data or contact details that you send us as a manager, with SSL or TLS encryption. You can identify the encryption of a connection by the ‘https://’ instead of the ‘http://’ and the key symbol in the browser's address bar.

We use this technology to protect the data you have sent us.

7.2 Data entry when visiting the website
When you use our website for purely informational purposes, i.e. when you do not register or send us any other information, we only have the data that your server sends to us (in ‘log files’). Every time a page is accessed, our website collects a range of general data and information via you or an automated system. This general data and information is stored in the server log files. The data that may be collected includes

the types and versions of browsers used,
the operating system used by the connecting system,
the website from which a connecting system arrives on our website (the ‘referrer’),
the secondary web page from which a connecting system is directed to our website,
the date and time of access to the website,
a shortened protocol address (anonymised IP address)
the Internet service provider of the connecting system.

We cannot draw any conclusions about you personally from the use of this general data and information. Instead, this information is needed to

display the contents of our website correctly,
optimise the contents of our website and the advertising on it,
guarantee the functionality of our IT systems and the technology of our website, and
provide law enforcement authorities with the information they need for prosecution in the event of a cyberattack.

Consequently, we use this collected data and information on the one hand for statistical purposes and on the other hand with the aim of improving data protection and data security within our company in order to ultimately ensure an optimal level of protection for the personal data we process. The log file data is stored separately from all personal data provided by a data subject.

The legal basis for the processing of the data is Art. 6(1)(1)(f) GDPR. Our legitimate interest arises from the aforementioned purposes for data collection.

8. Cookies

8.1 General information about cookies

Our website uses cookies. These are small information files that your browser automatically creates and that are stored on your computer system (laptop, tablet, smartphone, etc.) when you visit our site.

The cookie contains information relating to the specific device used. However, this does not mean that we can immediately identify you personally.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use session cookies to recognise which pages of our website you have already visited. These are automatically deleted when you leave our site.

We also use temporary cookies to optimise user-friendliness; these are stored on your device for a specific period of time. If you return to our site to use our services, they automatically recognise that you have already visited our site and remember the data and settings you selected, so that you do not have to repeat the procedure.

We also use cookies to compile statistics on the use of our website in order to optimise our offer for you. These cookies enable us to automatically recognise that you have already visited our site when you return to it. These cookies are automatically deleted after a defined period.

8.2 Legal basis for the use of cookies

The data processed by cookies and required for the proper functioning of the website is necessary to safeguard our legitimate interests and those of third parties, in accordance with Art. 6(1)(1)(f) GDPR.

For all other cookies, you give your consent via our opt-in cookie banner, in accordance with Art. 6(1)(a) GDPR.

8.3 Matomo

We have integrated the Matomo component on our website from the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo is a software tool for statistical web analysis, and thus for the collection, compilation and analysis of data on the behaviour of website visitors. Data will be collected on the website from which a data subject arrived at the website (the ‘referrer’), the pages of the website that were accessed and the frequency with which a page is viewed, among other things. This system is used to optimise the website and analyse the cost-benefit ratio of internet advertising.

The software is managed on the server of the data controller, and log files that are sensitive in terms of data protection are saved exclusively on this server.

When you give your consent via our cookie banner, Matomo saves a cookie on your computer system. Saving the cookie allows us to analyse the use of our website. When each page of this website is accessed, the Matomo components automatically instruct the web browser on your computer system to transmit data to our server for the purpose of online analysis. As part of this technical process, we obtain knowledge of personal data, such as the IP address of the person concerned, which enables us, among other things, to track the origin of visitors and clicks.

Thanks to cookies, personal information such as the time, place and frequency of visits are saved on our website. Each time you visit our website, this personal data, including the IP address of the Internet connection you are using, will be sent to our server. This personal data is stored by us. We do not pass this personal data on to third parties.

These processing operations are carried out exclusively if you have explicitly given your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can find further information and Matomo's privacy policy at matomo.org/privacy/.

In any case, you can prevent our website from setting cookies at any time by changing the relevant setting in your web browser. This setting in your web browser will also prevent Matomo from setting a cookie on your computer system. In addition, a cookie already set by Matomo can be deleted at any time via a web browser or other software programs.

9. Yumpu

To display the catalogues embedded in our website, we use ‘Yumpu’, a tool from the provider i-magazine AG (‘Yumpu’), Gewerbestrasse 3, 9444 Diepoldsau, Switzerland.

Thanks to Yumpu, the contents of a PDF file are inserted free of charge as a catalogue in an accessible and readable way in your browser, without you having to download a PDF file.

In order to perform this service, your web browser directly accesses the content on Yumpu. On this occasion, Yumpu collects (as when you visit any website) your IP address, information about your web browser, your operating system, the date and time of access, as well as so-called referrer data, i.e. -i.e. information that makes it possible to know through which pages you accessed the website with Yumpu components, provided that your browser does not hide the referrer data.

For more information, see Yumpu's privacy statement at www.yumpu.com/fr/info/privacy_policy.

The processing of your personal data via Yumpu is based on our legitimate interest in the attractive design of our website in accordance with Art. 6 (1) (f) GDPR.

The transfer of your personal data to Switzerland is justified by the adequacy decision 2000/518/EC (https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX%3A32000D0518).

10. Your rights as a data subject

10.1 The right to confirmation

You have the right to ask us to confirm whether or not personal data concerning you is being processed.

10.2 The right to information according to art. 15 GDPR
You have the right to request information about the personal data stored about you and a copy of this data at any time and free of charge.

10.3 Right to rectification in accordance with Art. 16 GDPR
You have the right to request the rectification of any inaccurate personal data concerning you. Furthermore, taking into account the purpose of the processing, you have the right to request the completion of any incomplete personal data.

10.4 Erasure in accordance with Art. 17 GDPR
You have the right to demand that we immediately erase your personal data, provided that one of the legal grounds provided for applies and that processing or storage is not required.

10.5 Restriction of processing according to art. 18 GDPR

You have the right to request that we restrict processing if one of the legal conditions is met.

10.6 Data portability in accordance with Art. 20 GDPR

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, to whom the personal data has been made available, provided that the processing is based on consent in accordance with Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract in accordance with Art. 6(1)(b) GDPR, and that the processing takes place within the framework of an automated process, provided that the processing is not required for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, in exercising your right to data portability in accordance with Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that the rights and freedoms of others are not affected by the process.

10.7 Objection according to art. 21 GDPR

You have the right, for reasons arising from your personal situation, to object at any time to the processing of personal data concerning you based on art. 6 para. 1 lit. e (data processing in the public interest) or f (data processing based on a balance of interests) GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

In a few exceptional cases, we process personal data to display direct advertising. You may object at any time to the processing of personal data for the purposes of this type of advertising. The same applies to profiling, provided that it is related to this type of direct advertising. If you object to the processing of data for direct advertising purposes, we will no longer process personal data for this purpose.

In addition, you have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you that we carry out for economic or historical research purposes, or for statistical purposes in accordance with Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

In the context of the use of information society services, you may exercise your right to object by automated means using technical specifications, notwithstanding Directive 2002/58/EC.

10.8 Revocation of data protection consent

You have the right to revoke the processing of personal data at any time with future effect.

10.9 Complaint to a supervisory authority

You have the right to lodge a complaint regarding our processing of personal data with a data protection supervisory authority.

11. Routine backup, deletion and blocking of personal data

We process and store your personal data only for the period necessary to fulfil the purpose of such storage, and insofar as permitted by the legal provisions to which our company is subject.

If the purpose of the storage ceases to exist or if the mandatory storage period expires, the personal data is generally blocked or deleted in accordance with the legal provisions in force.

12. Additional information on other types of data processing

As a company, we do not only process personal data on our website, but also in many other processes. In order to provide you, as the data subject, with the most comprehensive information possible regarding the purposes of the processing, we have compiled the following processing activities for you and thus comply with the legal information obligations according to Art. 12-14 GDPR:

Data protection information in the context of processing contact data and communication partners
Data protection information in the context of processing customer, supplier and service provider data

If you require further information that you cannot find here or in the detailed privacy statement, please feel free to contact our data protection officer.

13. Updates and amendments to the privacy statement

The development of our websites and our offers or changes in legislation or regulatory standards may make it necessary to amend this privacy statement.