(Date: January 18, 2022)
Data protection is very important to us. We strictly adhere to statutory regulations and respect privacy during data processing. We only ever process personal data in accordance with statutory regulations. The specific legal grounds for data protection can be found in the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
We have put together some information on this website regarding data protection and related topics that are applicable to:
- the use and visit of our webshop https://b2bshop.it-haus.com/
and related issues (incl. tracking). When setting your preferences for our website, please refer to the additional information in our cookie banner.
I. Who is responsible for data protection?
- The “controller”, as defined in Art. 4 (7) GDPR, and service provider is:
- IT-HAUS GmbH (hereinafter referred to as “IT-HAUS” or “we”).
- Europa-Allee 26/28, 54343 Föhren (DE)
- Tel.: +49 6502 9208-0, Fax: +49 6502 9208-850
- Email: info[at]it-haus.com
- Managing Directors: Ingo Burggraf, Stefan Sicken, Dr Thomas Simon, Ulrich Simon
- Data Protection Officer (internal) is
- Ms Sarah Müller
- IT-HAUS GmbH
- Europa-Allee 26/28, 54343 Föhren (DE)
- Email: datenschutz[at]it-haus.com
II. Waht is personal data?
The term “personal data” is used to refer to all information concerning an identified or identifiable natural person. This includes your name, address, phone number, and the data used to access your customer account. Personal data also includes the IP address of the connection you use to navigate through our pages, as well as all associated data concerning your surfing habits. Non-personal data is all other information (e.g. today’s date).
III. your rights
- Right of access;
- Right to rectification or erasure;
- Right to the restriction of processing;
- Right to object to data processing;
- Right to data portability.
IV. What else applies when using our webshop
2. We obtain the personal data of assigned contacts (name and contact details, e.g. email address) for the above purposes from the company itself, the company’s website or the respective contact.
3. when you create an account in the webshop under "Login/Register", https://auth.it-haus.com/account/registration, the data you provide will be stored. Mandatory fields are marked as such; the remaining information is voluntary. The legal basis for this is Art. 6 para. 1 p. 1 lit. b and lit. f DSGVO. Without the provision of complete and correct basic data, it is not possible to set up a customer account, as we need the data you provide to process your order(s). The provision of the voluntary information is not required.
4. You must provide your personal data to successfully place an order on our online store. Information required to process orders is marked as mandatory; further information is optional. We will use the data provided to process your order. The legal basis for this is point (b) and (f) of Art. 6 (1) GDPR.
5. We will collect and process the data required for the purposes. You cannot place an order with us without providing this data (marked as mandatory fields on the online store). You do not have to fill out data fields marked as optional on the online store. Similarly, you cannot return goods or assert any warranty claims without providing the necessary information.
6. We may also process your personal data to tell you about other interesting products in our portfolio or to send you emails with technical information (e.g. regarding product recalls for your hardware and current IT security risks). We particularly reserve the right to store the following data in summarised lists and use it to create advertising for other similar goods and services (e.g. to send interesting deals and information in the post): your first name, surname, postal address and – provided we have received these additional details within the scope of the contractual relationship – your date of birth, department and cost centre, your trade name and VAT ID Number. The legal basis for this is point (f) of Art. 6 (1) GDPR or, if you explicitly consent to data processing, point (a) of Art. 6 (1) GDPR. You may object to the storage and usage of your data for these purposes or withdraw your consent at any time by getting in touch with us as indicated above.
7. We offer purchase on account as a payment method and cover ourselves by running a credit check on every new customer (creditworthiness data) through Creditsafe Deutschland GmbH (Schreiberhauer Straße 30, D-10317 Berlin) or Creditreform Trier Eberhard KG (Ostallee 3, D-54290 Trier). Goods cannot be purchased on account without this form of data processing.
8. Personal data will be sent to our internal departments if required to properly perform our tasks. We sometimes use external service providers to process personal data. These have been carefully selected and commissioned by us; they are obliged to follow our instructions and are regularly audited. We generally ensure receivables from customers worth at least 25,000.00 EUR – and, in some case, amounts under this threshold (receivables from abroad) – through the Euler Hermes SA branch (Friedensallee 254, D–22763 Hamburg) of Euler Hermes Deutschland. In order to perform a contract, we may disclose personal data to our bank, payment service providers and/or the shipping company commissioned to deliver goods, provided this is necessary for the delivery of the ordered goods. Moreover, we may disclose personal data to third parties if we perform a contract, hold events or offer similar services alongside business partners. We may also disclose personal data to our legal representatives or competent courts and authorities (e.g. in the case of a dispute).
9. It may be necessary to transfer data to third countries (outside the European Union and/or European Economic Area) in individual cases, e.g. to perform our contractual obligations. We will indicate this separately in each offer. We will comply with Art. 44 et seq. GDPR at all times.
10. We do not carry out automated decision-making (incl. profiling).
11. Your personal data (e.g. address, payment and order details) will be deleted as soon as it is no longer required for your enquiry or the performance of a contract, or as soon as a contract is rescinded and the statutory retention periods have lapsed (e.g. up to 10 years in accordance with the German Commercial Code and/or Fiscal Code). Your personal credit report data (e.g. name, address, date of birth and the credit check issued by the credit agency) will be stored for a period of one year. One of the purposes of this is to ensure that no further credit checks must be performed if more goods are purchased on account in the future. We may also retain your personal data if you have given us your consent, or if there are legal disputes and we use this as evidence within statutory limitation periods of up to thirty years; the standard limitation period is three years.
12. SSL encryption is always used during orders placed on our online store, in order to prevent your personal data (especially your financial information) from being accessed by unauthorised third parties.
13. We offer registered users the opportunity to rate / comment on the products offered by us via a comment function in our store. The comment / rating submitted by you is subsequently visible to every visitor of our store. For this purpose, the entry created by you will display your first name specified by you in the login profile, including the date of creation. The use of the comment / rating function is voluntary. If you wish to delete a comment / rating created by you, please contact us by mail to b2bshop[at]it-haus.com. We reserve the right to delete comments and / or ratings that violate the rights of third parties independently.
V What else applies when visiting our webshop?
- IP address;
- Date and time of the request;
- Time zone difference to Greenwich Mean Time (GMT);
- Contents of the request (specific page);
- Access status / HTTP status code;
- Volume of data transmitted;
- Website from which the request comes;
- Operating system and its interface;
- Language and version of the browser software.
- Temporary cookies (see “b”)
- Permanent cookies (see “c”).
g) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will expressly inform you of the consequences of this fact below. A transfer of personal data to a third country such as the United States must be made, among other things, if the European Commission has decided that the third country, a region or one or more specific sectors in that third country provides an adequate level of protection. It is also possible, for example, for the data exporter and the data importer to conclude a contract using the standard data protection clauses of the EU Commission (Art. 46 Paragraph 2 lit. the consideration of the further requirements according to the GDPR). Regarding the consents we have obtained for the following service providers (see below) in the processing of your personal data, we would like to point out the following: Before giving your consent, please note that your personal data can also be processed in the USA. If you give us your consent, it also extends to processing in this third country, Art. 49 Para. 1 lit. a GDPR. According to the current status, there is probably no adequate level of data protection in the USA without an adequacy decision and without suitable guarantees, since the regulations there do not meet the requirements of European law. With judgment of July 16, 2020 (C-311/18), the European Court of Justice came to the conclusion that the laws on the basis of which American security authorities can access the personal data transmitted to the USA do not restrict access to the personal data from non-Americans. The surveillance programs based on American legislation are not limited to what is strictly necessary. In addition, non-Americans would not be granted any enforceable rights against such access.
4. use of Findologic
(1) For product discovery, in particular search and navigation, we use the services of Findologic GmbH, Jakob-Haringer-Str. 5a, 5020 Salzburg, a technology company that attempts to address personal needs and preferences through data analysis. In doing so, cookies are used to store information about the website user and various data is transferred to the service provider, these include in particular the IP address and browser identification of the user, as well as associated behavioral data such as search queries, categories visited, selected filters, products viewed and purchased. This helps us to understand which products our users are most interested in and to optimize the shopping experience for them.
(2) The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest lies in the provision of the search function.
(3) This information may be transferred to third parties if required by law or if third parties process it on behalf of Findologic.
(4) A contract for order processing has been concluded with Findologic.
(5) Please note that the stored IP addresses are anonymized after 6 months.
(6) You can find Findologic's data protection information at the following link: https://www.findologic.com/datenschutz/
5. Google Analytics
(1) Google Analytics, a web analysis service provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”), is used on this website. If you have your habitual residence in the European Union, the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the person responsible for your data. Google Ireland Limited is therefore the company affiliated with Google that is responsible for processing your data and for compliance with applicable data protection law.
This website uses Google Analytics with the extension “anonymizelP()”. This means IP addresses are truncated before processing, making personal identification impossible. If you can be identified through the data collected on you, this will be immediately ruled out.
(2) Google Analytics uses so-called “cookies”; these are text files that are saved on your computer and allow us to analyse your use of the website. The information generated by cookies on your use of this website will generally be transferred to a Google server in the USA and stored there. As IP anonymisation is activated on this website, however, Google will firstly truncate your IP address before transferring data within Member Sates of the European Union or other Contracting States to the Agreement on the European Economic Area. Your IP address will only be transferred to a Google server and then truncated there in exceptional circumstances. The IP address transmitted by your browser via Google Analytics shall not be merged with other Google data. Google will use this information on behalf of the website operator to analyse your use of the website, to compile reports on website activities, and to provide us – as the website operator – with other services related to the use of this website and the Internet.
(3) If we explicitly request your consent to the processing of personal data, the legal basis will be point (a) of Art. 6 (1) GDPR. Your consent is optional and not compulsory for the use of our website. You have the right to withdraw your consent at any time; this shall have no bearing on the lawfulness of any data processing carried out before the withdrawal of your consent. You can prevent cookies from being saved by setting your preferences in our cookie banner and/or by configuring your browser accordingly. If you do this, however, please note that you may not be able to fully use all the features of this website. You can also stop the data generated by the cookie on your use of this website (incl. your IP address) from being transferred to Google for processing by downloading and installing this browser add-on:
Opt-out cookies stop your data from being collected during future visits to this website. In order to stop Google Analytics from collecting data across several devices, you will have to enable the opt-out cookie on all the systems you use. You can click here to place the opt-out cookie on this website:
Please note that you should not delete any opt-out cookies if you do not want your data to be collected. If you have deleted all cookies in your browser, you will have to re-save the opt-out cookie.
(4) Sessions and campaigns are closed after a certain period of time. Sessions tend to be closed after 30 minutes of inactivity and campaigns after six months. Campaigns can run for a maximum of two years.
(5) We use Google Analytics to analyse the use of our website and make regular improvements. The statistics we obtain allow us to improve our service and make it more interesting for our users.
VII. Changes to our data protection regulations
VIII. data integrity
IT-HAUS GmbH implements suitable technical and organisational measures to prevent unauthorised third parties from viewing or accessing its internal databases.