(Date: January 18, 2022)
Data protection is very important to us. We strictly adhere to statutory regulations and respect privacy during data processing. We only ever process personal data in accordance with statutory regulations. The specific legal grounds for data protection can be found in the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
We have put together some information on this website regarding data protection and related topics that are applicable to:
- the use and visit of our webshop https://b2bshop.it-haus.com/
and related issues (incl. tracking). When setting your preferences for our website, please refer to the additional information in our cookie banner.
I. Who is responsible for data protection?
- The “controller”, as defined in Art. 4 (7) GDPR, and service provider is:
- IT-HAUS GmbH (hereinafter referred to as “IT-HAUS” or “we”).
- Europa-Allee 26/28, 54343 Föhren (DE)
- Tel.: +49 6502 9208-0, Fax: +49 6502 9208-850
- Email: info[at]it-haus.com
- Managing Directors: Ingo Burggraf, Stefan Sicken, Dr Thomas Simon
- Data Protection Officer (internal) is
- Ms Tamara Mai
- IT-HAUS GmbH
- Europa-Allee 26/28, 54343 Föhren (DE)
- Email: datenschutz[at]it-haus.com
II. Waht is personal data?
The term “personal data” is used to refer to all information concerning an identified or identifiable natural person. This includes your name, address, phone number, and the data used to access your customer account. Personal data also includes the IP address of the connection you use to navigate through our pages, as well as all associated data concerning your surfing habits. Non-personal data is all other information (e.g. today’s date).
III. your rights
We would firstly like to inform you about your rights as a data subject.
You can exercise the following rights against IT-HAUS about your personal data:
- Right of access;
- Right to rectification or erasure;
- Right to the restriction of processing;
- Right to object to data processing;
- Right to data portability.
Here is a more detailed overview of your rights:
You may ask us to confirm whether your personal data is being processed at any time; this being the case, you have the right to access the personal data stored on you. You may exercise this right by contacting Tamara Mai via email at datenschutz[at]it-haus.com.
If the legal requirements are met, you may also OBJECT to data processing: If we are processing your personal data based on our legitimate interest, you may formally object to this processing. This will particularly be the case if processing is not required for the execution of a contract with you, as indicated with the description of each feature below. When exercising your right to object, we kindly ask you to state the reasons why we should no longer process your personal data. If your objection is justified, we will examine the situation and either stop/adjust our data processing or indicate the essential and legitimate reasons for the continuation of our processing.
You may object to the processing of your personal data for the purposes of marketing and data analysis at any time. Please use the following contact details to inform us of your objection:
Europa-Allee 26/28, 54343 Föhren (DE)
Tel.: +49 6502 9208-0, Fax: +49 6502 9208-850
If you have given your consent to data processing, you may withdraw this at any time. Once you have withdrawn your consent, we will no longer be permitted to process your personal data.
You also have the right to rectify any incorrect information, restrict data processing and request the deletion of your personal data following its collection and processing. Under the conditions laid down in Art. 20 GDPR, you also have the right to data portability, i.e. to receive your personal data in a structured, machine-readable and common format, and to transmit this data to another controller without being impeded by us.
If you would like to exercise your data protection rights, please refer to the contact details in our Legal Notice or send an email to Tamara Mai at datenschutz[at]it-haus.com.
If you have any further questions, suggestions or complaints about our data protection information and the processing of your personal data, you can contact Tamara Mai directly at datenschutz[at]it-haus.com.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a (data protection) supervisory authority – particularly in the Member State of your habitual residence, place of work or place of the alleged infringement – if you believe the processing of your personal data infringes German or European data protection law. The supervisory authority for Rhineland-Palatinate is: The State Commissioner for Data Protection and Freedom of Information in Rhineland-Palatinate; Postal Address: Postfach 30 40, D-55020 Mainz; Visiting Address: Hintere Bleiche 34, D-55116 Mainz, Tel.: +49 6131 8920-0; Fax: +49 6131 8920-299; Email: poststelle(at)datenschutz.rlp.de.
IV. What else applies when using our webshop
The aim of the following information is to advise our customers, business partners, suppliers, prospective customers and their assigned contacts as to how we process personal data.
1. We particularly process personal data:
a) to perform pre-contractual measures and/or contracts, including any warranties, guarantees and returns (legal basis: point (b) of Art. 6 (1) GDPR);
b) to fulfil our statutory obligations (legal basis: point (c) of Art. 6 (1) GDPR); and
c) to pursue our legitimate interest in the protection of our assets, the prevention of defaulted payments, the exercise and defence of our rights and, in the case of the personal data of contacts at companies, the identification of – and communication with – our current and prospective customers, suppliers and other business partners for the execution or initiation of business relations (legal basis: points (b) and (f) of Art. 6 (1) GDPR).
A pre-contractual relationship may arise, for example, if a prospective customer contacts us to request information about our company or services; we will then process that person’s data to process the request.
If you get in touch with us, we will save and, if necessary, store any information you provide (e.g. your email address, first name, surname, company and address) to respond to your enquiry. The legal basis for this is point (b) and (f) of Art. 6 (1) GDPR.
2. We obtain the personal data of assigned contacts (name and contact details, e.g. email address) for the above purposes from the company itself, the company’s website or the respective contact.
3. when you create an account in the webshop under "Login/Register", https://auth.it-haus.com/account/registration, the data you provide will be stored. Mandatory fields are marked as such; the remaining information is voluntary. The legal basis for this is Art. 6 para. 1 p. 1 lit. b and lit. f DSGVO. Without the provision of complete and correct basic data, it is not possible to set up a customer account, as we need the data you provide to process your order(s). The provision of the voluntary information is not required.
4. You must provide your personal data to successfully place an order on our online store. Information required to process orders is marked as mandatory; further information is optional. We will use the data provided to process your order. The legal basis for this is point (b) and (f) of Art. 6 (1) GDPR.
5. We will collect and process the data required for the purposes. You cannot place an order with us without providing this data (marked as mandatory fields on the online store). You do not have to fill out data fields marked as optional on the online store. Similarly, you cannot return goods or assert any warranty claims without providing the necessary information.
6. We may also process your personal data to tell you about other interesting products in our portfolio or to send you emails with technical information (e.g. regarding product recalls for your hardware and current IT security risks). We particularly reserve the right to store the following data in summarised lists and use it to create advertising for other similar goods and services (e.g. to send interesting deals and information in the post): your first name, surname, postal address and – provided we have received these additional details within the scope of the contractual relationship – your date of birth, department and cost centre, your trade name and VAT ID Number. The legal basis for this is point (f) of Art. 6 (1) GDPR or, if you explicitly consent to data processing, point (a) of Art. 6 (1) GDPR. You may object to the storage and usage of your data for these purposes or withdraw your consent at any time by getting in touch with us as indicated above.
7. We offer purchase on account as a payment method and cover ourselves by running a credit check on every new customer (creditworthiness data) through Creditsafe Deutschland GmbH (Schreiberhauer Straße 30, D-10317 Berlin) or Creditreform Trier Eberhard KG (Ostallee 3, D-54290 Trier). Goods cannot be purchased on account without this form of data processing.
8. Personal data will be sent to our internal departments if required to properly perform our tasks. We sometimes use external service providers to process personal data. These have been carefully selected and commissioned by us; they are obliged to follow our instructions and are regularly audited. We generally ensure receivables from customers worth at least 25,000.00 EUR – and, in some case, amounts under this threshold (receivables from abroad) – through the Euler Hermes SA branch (Friedensallee 254, D–22763 Hamburg) of Euler Hermes Deutschland. In order to perform a contract, we may disclose personal data to our bank, payment service providers and/or the shipping company commissioned to deliver goods, provided this is necessary for the delivery of the ordered goods. Moreover, we may disclose personal data to third parties if we perform a contract, hold events or offer similar services alongside business partners. We may also disclose personal data to our legal representatives or competent courts and authorities (e.g. in the case of a dispute).
9. It may be necessary to transfer data to third countries (outside the European Union and/or European Economic Area) in individual cases, e.g. to perform our contractual obligations. We will indicate this separately in each offer. We will comply with Art. 44 et seq. GDPR at all times.
10. We do not carry out automated decision-making (incl. profiling).
11. Your personal data (e.g. address, payment and order details) will be deleted as soon as it is no longer required for your enquiry or the performance of a contract, or as soon as a contract is rescinded and the statutory retention periods have lapsed (e.g. up to 10 years in accordance with the German Commercial Code and/or Fiscal Code). Your personal credit report data (e.g. name, address, date of birth and the credit check issued by the credit agency) will be stored for a period of one year. One of the purposes of this is to ensure that no further credit checks must be performed if more goods are purchased on account in the future. We may also retain your personal data if you have given us your consent, or if there are legal disputes and we use this as evidence within statutory limitation periods of up to thirty years; the standard limitation period is three years.
12. SSL encryption is always used during orders placed on our online store, in order to prevent your personal data (especially your financial information) from being accessed by unauthorised third parties.
13. We offer registered users the opportunity to rate / comment on the products offered by us via a comment function in our store. The comment / rating submitted by you is subsequently visible to every visitor of our store. For this purpose, the entry created by you will display your first name specified by you in the login profile, including the date of creation. The use of the comment / rating function is voluntary. If you wish to delete a comment / rating created by you, please contact us by mail to b2bshop[at]it-haus.com. We reserve the right to delete comments and / or ratings that violate the rights of third parties independently.
V What else applies when visiting our webshop?
1. Information on the processing of personal data
(1) We would like to inform you below about the processing of personal data during the use of our website.
You can use our website without sharing any personal data. Different regulations may apply to the use of individual services on our website, and these will be discussed separately. We will also indicate the specified storage period criteria.
(2) If our service providers or partners are based outside the European Economic Area (EEA), we will provide you with specific information regarding the consequences of this situation. Regarding cookies: see below.
(3) We use SSL, one of the most secure encryption methods currently available, to protect your data from unauthorised access during transmissions via the Internet. Please note, however, that any data transmitted via the Internet may be subject to security gaps, and so complete protection against third-party access is impossible. Please choose an alternative communication channel to email when transmitting sensitive data.
2. The collection of personal data during visits to our website
(1) If you use our website for purely informational purposes (i.e. if you do not register or otherwise provide us with information), we will collect the personal data that your browser transmits to our server. If you would like to view our website, we will collect the data listed below; this is technically necessary to display our website and to guarantee stability and security (legal basis: point (f) of Art. 6 (1) GDPR):
- IP address;
- Date and time of the request;
- Time zone difference to Greenwich Mean Time (GMT);
- Contents of the request (specific page);
- Access status / HTTP status code;
- Volume of data transmitted;
- Website from which the request comes;
- Operating system and its interface;
- Language and version of the browser software.
We will store this data for 14 days before it is automatically deleted.
(2) In addition to the data listed above, cookies will be saved on your computer when you use our website. Cookies are small text files that are matched to your browser and saved on your hard drive, allowing certain information to be obtained by the entity that places the cookie (us in this case). Cookies cannot run any programmes or transmit viruses to your computer.
a) This website uses the following types of cookies, and their scope and functions are explained below:
- Temporary cookies (see “b”)
- Permanent cookies (see “c”).
b)Temporary cookies are automatically deleted when you close your browser. This particularly includes session cookies. These are used to store so-called “session IDs”, which allow various requests from your browser to be assigned to one session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.
c) Permanent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can always delete cookies in your browser’s security settings.
f) You can configure your browser settings as you like, e.g. to reject third-party cookies or all cookies. If you do so, however, please note that you may not be able to use all the features of this website.
g) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will expressly inform you of the consequences of this fact below. A transfer of personal data to a third country such as the United States must be made, among other things, if the European Commission has decided that the third country, a region or one or more specific sectors in that third country provides an adequate level of protection. It is also possible, for example, for the data exporter and the data importer to conclude a contract using the standard data protection clauses of the EU Commission (Art. 46 Paragraph 2 lit. the consideration of the further requirements according to the GDPR). Regarding the consents we have obtained for the following service providers (see below) in the processing of your personal data, we would like to point out the following: Before giving your consent, please note that your personal data can also be processed in the USA. If you give us your consent, it also extends to processing in this third country, Art. 49 Para. 1 lit. a GDPR. According to the current status, there is probably no adequate level of data protection in the USA without an adequacy decision and without suitable guarantees, since the regulations there do not meet the requirements of European law. With judgment of July 16, 2020 (C-311/18), the European Court of Justice came to the conclusion that the laws on the basis of which American security authorities can access the personal data transmitted to the USA do not restrict access to the personal data from non-Americans. The surveillance programs based on American legislation are not limited to what is strictly necessary. In addition, non-Americans would not be granted any enforceable rights against such access.
3. Other functions and features of our website
(1) Our website can be used for more than just informational purposes; we also offer various services that may be of interest to you. We normally require further personal data to provide such services, and the aforementioned data processing principles apply. More information on our online store, events and web seminars: see above.
(2) We sometimes use external service providers to process your data. These have been carefully selected and commissioned by us; they are obliged to follow our instructions and are regularly audited.
4. use of Findologic
(1) For product discovery, in particular search and navigation, we use the services of Findologic GmbH, Jakob-Haringer-Str. 5a, 5020 Salzburg, a technology company that attempts to address personal needs and preferences through data analysis. In doing so, cookies are used to store information about the website user and various data is transferred to the service provider, these include in particular the IP address and browser identification of the user, as well as associated behavioral data such as search queries, categories visited, selected filters, products viewed and purchased. This helps us to understand which products our users are most interested in and to optimize the shopping experience for them.
(2) The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest lies in the provision of the search function.
(3) This information may be transferred to third parties if required by law or if third parties process it on behalf of Findologic.
(4) A contract for order processing has been concluded with Findologic.
(5) Please note that the stored IP addresses are anonymized after 6 months.
(6) You can find Findologic's data protection information at the following link: https://www.findologic.com/datenschutz/
5. Google Analytics
(1) Google Analytics, a web analysis service provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”), is used on this website. If you have your habitual residence in the European Union, the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the person responsible for your data. Google Ireland Limited is therefore the company affiliated with Google that is responsible for processing your data and for compliance with applicable data protection law.
This website uses Google Analytics with the extension “anonymizelP()”. This means IP addresses are truncated before processing, making personal identification impossible. If you can be identified through the data collected on you, this will be immediately ruled out.
(2) Google Analytics uses so-called “cookies”; these are text files that are saved on your computer and allow us to analyse your use of the website. The information generated by cookies on your use of this website will generally be transferred to a Google server in the USA and stored there. As IP anonymisation is activated on this website, however, Google will firstly truncate your IP address before transferring data within Member Sates of the European Union or other Contracting States to the Agreement on the European Economic Area. Your IP address will only be transferred to a Google server and then truncated there in exceptional circumstances. The IP address transmitted by your browser via Google Analytics shall not be merged with other Google data. Google will use this information on behalf of the website operator to analyse your use of the website, to compile reports on website activities, and to provide us – as the website operator – with other services related to the use of this website and the Internet.
(3) If we explicitly request your consent to the processing of personal data, the legal basis will be point (a) of Art. 6 (1) GDPR. Your consent is optional and not compulsory for the use of our website. You have the right to withdraw your consent at any time; this shall have no bearing on the lawfulness of any data processing carried out before the withdrawal of your consent. You can prevent cookies from being saved by setting your preferences in our cookie banner and/or by configuring your browser accordingly. If you do this, however, please note that you may not be able to fully use all the features of this website. You can also stop the data generated by the cookie on your use of this website (incl. your IP address) from being transferred to Google for processing by downloading and installing this browser add-on:
Opt-out cookies stop your data from being collected during future visits to this website. In order to stop Google Analytics from collecting data across several devices, you will have to enable the opt-out cookie on all the systems you use. You can click here to place the opt-out cookie on this website:
Please note that you should not delete any opt-out cookies if you do not want your data to be collected. If you have deleted all cookies in your browser, you will have to re-save the opt-out cookie.
(4) Sessions and campaigns are closed after a certain period of time. Sessions tend to be closed after 30 minutes of inactivity and campaigns after six months. Campaigns can run for a maximum of two years.
(5) We use Google Analytics to analyse the use of our website and make regular improvements. The statistics we obtain allow us to improve our service and make it more interesting for our users.
VII. Changes to our data protection regulations
VIII. data integrity
IT-HAUS GmbH implements suitable technical and organisational measures to prevent unauthorised third parties from viewing or accessing its internal databases.