FALKENBERG - Department Store and Interior Design

The following privacy policy applies to the use of our online offer www.falkenberg-muenchen.com (hereinafter “Website”).

We regard data protection as a fundamental concern and we would like to ensure that your privacy is, and remains, protected at all times when using our website. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR). This statement describes how and for what purpose your data is collected and used and what options you have in relation to personal information. By using this website, you consent to the collection, use and transfer of your information in accordance with this Privacy Policy.

I. CONTROLLER AND SERVICE PROVIDER RESPONSIBLE

Responsible for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 GDPR is

Falkenberg Department Store & Interior Design
Sabine Falkenberg
Franz-Joseph-Straße 21
80801 München
Mail: contact@falkenberg-muenchen.com
Phone: +49 89 38665077

If you wish to object to the collection, processing or use of your data by us in accordance with this Privacy Policy as a whole or for individual measures, you can address your objection to the person responsible. You can save and print this privacy policy at any time.

II. BASIC INFORMATION ON DATA HANDLING

1. Extent of the personal data processing
We fundamentally collect and use the personal data of our users only insofar as this is required for the provision of a functional website and of our contents and services as well as for the implementation of our business purpose. As a rule we collect and use the personal data of our users only after the user has given his/her consent. Exceptions apply in such cases where it was not possible to obtain prior consent for factual reasons and where the processing of the data is permitted because of statutory requirements.

2. Purposes and legal basis for the processing of personal data
Insofar as we obtain consent from the data subject for processing operations of personal data, Article 6, paragraph 1, sentence 1 lit. a EU General Data Protection Regulation (EU-GDPR) serves as the legal basis for the processing of personal data.
In the processing of personal data required to perform a contract of which the contractual party is the data subject, Art. 6 paragraph 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as processing of personal data is required to fulfil a legal requirement that our company is subject to, Art. 6 paragraph 1 sentence 1 lit. c GDPR serves as the legal basis. In the case that vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 paragraph 1 sentence 1 lit. d GDPR serves as the legal basis.
If processing is required to protect a legitimate interest of our company or of a third party and the interests do not override the interests, fundamental rights and freedoms of the data subject of the first-named interest, Art. 6 paragraph 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.

3. Data deletion and storage periods
The personal data of the data subject is deleted or blocked, as soon as the purpose for which it was stored no longer applies. Storage can also be effected if this was required by the European or national legislators in European Union regulations, laws or other stipulations that the person responsible is subject to. The data is also blocked or deleted if a statutory storage period prescribed by the cited standards expires, unless there is a need for continued data storage for the purposes of a conclusion or performance of a contract.

III. GENERAL DATA COLLECTION WHEN VISITING OUR WEBSITE

1. Description and extent of data collection

Whenever our internet site is visited, our system automatically records data and information from the computer system of the visiting computer. The following data is collected:

• Information about the browser type and version used
• The operating system and the interface of the user
• The internet server provider of the user
• The IP address of the use
• Date and time of the visit
• Websites, from which the system of the user accessed our internet site
• Websites that are visited by the system of the user via our website

In that process only pseudonymized IP addresses are stored by the system. At the webserver level, this is done by default that in the logfile instead of the actual IP address of the visitor e.g. 123.123.123.123 an IP address 123.123.123.XXX is stored, where XXX is a random value between 1 and 254. The production of a personal reference is thus no longer possible. We use this protocol data without assignment to your person or other profiling for statistical analysis for the purpose of operation, security and optimization of our online offer, but also for the anonymous recording of the number of visitors to our website (traffic) and the scope and nature the use of our website and services. This information enables us to provide personalized and location-based content, analyze traffic, troubleshoot and improve our services. These purposes are also our legitimate interest in data processing pursuant to Art. 6 paragraph 1 sentence1 lit. f GDPR.

We reserve the right to check the protocol data retrospectively if, on the basis of concrete evidence, the legitimate suspicion of unlawful use exists. We store IP addresses in the logfiles for a limited period if necessary for security purposes or for the provision of services or the billing of a service, eg. if you use one of our offers. After termination of the order process or after receipt of payment, we will delete the IP address if it is no longer required for security purposes.

2. Legal basis for data processing
The legal basis for the temporary storage of the data and the logfiles is Art. 6, paragraph 1, sentence 1 lit. f GDPR.

3. Purpose of data processing
The temporary storage of the IP address by the system is necessary so as to enable delivery of the website to the computer of the user. To do this the IP address of the user remains stored for the duration of the session.
Storage in logfiles is required in order to assure the functionality of the website. In addition, the data serves to optimise the website and to assure the security of our IT systems. In particular our website and our other IT system help us to adapt to the browser, operating system and end devices used. An evaluation of the data for marketing purposes does not take place in this connection. These purposes are also our legitimate interest in data processing pursuant to Art. 6 paragraph 1 sentence 1 lit. f GDPR.
4. Duration of the storage
In the case of storage of data in logfiles, this is the case after seven days at the latest.

5. Right to object and removal
The recording of data for the provision of the website and the storage of the data in logfiles is absolutely essential for the operation of the internet site. As a consequence the user has no possibility to object to this.

IV. USE OF COOKIES

1. Description and extent of data collection
We use cookies in order to improve our web presence and to optimise use for you. Cookies are small text files that are stored on your computer when you call up our website and enable a renewed identification of your browser. Cookies store information, such as, for example, your language setting, the length of visit to our website or the entries you made there. This avoids the need to re-input all the required data afresh at every session. Moreover, cookies enable us to detect your preferences and to tailor our website to your areas of interest.

Our website uses transient cookies. These are automatically deleted when you close your browser. These are typically so-called session cookies. These store a so-called session ID with which various queries form your browser can be assigned to a common session. It means that your computer can be recognised again when you return to our website. These cookies are deleted when you log out or close the browser. Our website also uses persistent cookies. These are automatically deleted after a predetermined period that can vary depending on the cookie. These cookies, too, can be deleted at any time. We use analysis cookies to improve the quality of our website and its contents. The analysis cookies enable us to find out how the website is being used and therefore allow us to ensure an ongoing improvement of our web presence. In addition, they enable us to maintain quality assurance and constantly improve the user experience.

These purposes are also our legitimate interest in processing personal data pursuant to Art. 6 paragraph 1 sentence 1 lit. f GDPR. The following data is stored and transmitted in the cookies:

• Language settings
• Frequency of page views and utilisation of website functions

When the cookie is activated, it will be assigned an identification number but no assignment of your personal data to this identification number will be made. Your name, IP address or similar data that would allow the cookie to be associated with you will not be inserted into the cookie. The user data collected in this manner is pseudonymised by technical precautions. Therefore, the data can no longer be traced to a visiting user. Most browsers accept cookies automatically. If you would like to prevent the acceptance of cookies, you can select the setting “accept no cookies” in the browser settings. How this works in detail can be found in the instructions of your browser manufacturer. Cookies already stored on your computer can be deleted at any time. However, we would like to point out this may restrict the functionality of our web presence.

2. Duration of storage, right to object and removal
Cookies are stored on the computer of the user and are transferred from it to our site. Therefore, you as the user also have full control over the use of cookies. By altering the settings in your internet browser you can disable or restrict the transfer of cookies. Cookies already stored can be deleted at any time. This can also be effected automatically. Disabling cookies for our website may mean that not all functions of the website can be used to their full extent.

3. Use of Google Analytics
We use the web analysis service Google Analytics from Google Inc. on our website (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”). Data processing serves the purpose of analyzing this website and its visitors. For this purpose, Google will use the information obtained on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. IP anonymization is activated on this website. This means that your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transferred to a Google server in the USA and abbreviated there in exceptional cases. Your data may be transferred to the United States. An adequacy decision by the European Commission is available for data transfers to the USA. Processing is based on Art. 6 (1) lit. f GDPR from the legitimate interest in the needs-based and targeted design of the website. You have the right, for reasons that arise from your particular situation, at any time against this processing of personal data relating to you based on Art. 6 (1) f GDPR disagree. You can prevent the storage of cookies by selecting the appropriate technical settings in your browser software; however, we would like to point out that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by using the browser available under the following link. Download and install the plug-in [https://tools.google.com/dlpage/gaoptout?hl=de[ To prevent the capture by Google Analytics across devices, you can set an opt-out cookie. Opt-out cookies prevent your data from being collected in the future when you visit this website. You must perform the opt-out on all systems and devices used for this to have a comprehensive effect. If you click here, the opt-out cookie is set: Deactivate Google Analytics.
You can find more information on terms of use and data protection at https://www.google.com/analytics/terms/com.html or https://www.google.com/intl/de/policies/.

V. NEWSLETTER

1. Description and extent of data collection
You can consent to subscribe to our newsletter on our website. When registering for the newsletter, the data from the input mask are transmitted to us. We employ the so-called double-opt-in-procedure for our newsletter subscription process. This means that once you have supplied us with your email address we send an email confirmation to this email address asking you to confirm that you wish to have the newsletter sent to you. Only then will the consent to registration be granted. The double opt-in procedure thus protects against misuse of recipient addresses.

In addition, we use your e-mail address, which we received in the course of the sale of a product or service, for the electronic transmission of advertising for our own products or services, which are similar to those that you have already purchased from us, unless you have objected to this use. The provision of the email address is required for the conclusion of the contract. Failure to make this available means that no contract can be concluded. Processing is based on Art. 6 (1) lit. f GDPR from the legitimate interest in direct advertising. You can object to this use of your email address at any time by notifying us. The contact details for exercising the objection can be found in the imprint. You can also use the link provided in the promotional email. There are no other costs than the transmission costs according to the basic tariffs.

We use Rapidmail to send our newsletter. Your data will therefore be forwarded to Rapidmail GmbH. Rapidmail GmbH is prohibited from using your data for purposes other than sending the newsletter. A passing on or a sale of your data is not allowed to rapidmail GmbH. rapidmail is a German, certified newsletter software provider, which was carefully selected according to the requirements of the GDPR and the BDSG. In connection with the processing of data for the sending of newsletters, there is no disclosure of the data to third parties. The data will be used exclusively for sending the newsletter.

2. Legal basis for the data processing
After receipt of your acknowledgement we store your subscription data for the purposes of sending the newsletter. Legal basis is Art. 6 paragraph 1 sentence 1 lit. a GDPR.
The newsletter is sent on the basis of the sale of goods or services: If you purchase goods or services on our website and deposit your e-mail address here, this can subsequently be used by us to send a newsletter. Legal basis is § 7 Abs. 3 UWG.

3. Purpose of data processing
The only reason we store the data is so that we can send you the newsletter.

4. Duration of the storage
Die Daten werden gelöscht, sobald sie für die Erreichung des Zweckes ihrer Erhebung nicht mehr erforderlich sind. Die E-Mail-Adresse des Nutzers wird demnach solange gespeichert, wie das Abonnement des Newsletters aktiv ist.

5. Right to object and removal
You can revoke your consent to the sending of the newsletter at any time. You can unsubscribe all newsletters at any time and without the need to give any reasons or unsubscribe only special newsletters. The unsubscribe link can be found in every newsletter sent by us under “Unsubscribe”. You can also send your revocation by email to contact@falkenberg-muenchen.com.

6. Newsletter Evaluation
We would like to point out that we evaluate your user behaviour when we send you the newsletter. For this evaluation the emails sent contain so-called web beacons, also called tracking pixels. These are one pixel image files that link to our website and thus enable us to evaluate your user behaviour. This is effected by collecting web beacons assigned to your email address and are linked with a unique ID. Links contained in the newsletter also have them. We use the data obtained in this way to devise a user profile in order to make available the newsletter tailored to your interests. When you read our newsletter we record which links you click on and conclude from this your personal interests. We link this data with the actions made by you on our website.

A separate revocation of the performance evaluation is unfortunately not possible, in this case, the entire newsletter subscription must be terminated.

VI. SOCIAL-MEDIA-PLUGINS

On our website we offer you the possibility of using so-called “social media buttons”. To protect your data, we rely on the solution “Shariff” during implementation. As a result, these buttons are integrated on the website only as a graphic that contains a link to the corresponding website of the button provider. By clicking on the graphic, you will be redirected to the services of the respective provider. Only in this case your data will be sent to the respective provider. If you do not click on the graphic, there will be no exchange between you and the providers of the social media buttons. Information about the collection and use of your data in the social networks can be found in the respective terms of use of the respective providers. On our website, we have integrated the social media buttons of the following companies: Facebook facebook.com, Instagram instagram.com, Pinterest pinterest.com

VII. CONTACT / ORDER FORM AND CONTACT VIA EMAIL

1. Description and extent of data collection
Our website has a contact resp. order form which can be used to contact us by electronic means or order products offered on our website. If the user takes advantage of this possibility, the data entered in the input mask is transmitted to us and stored. This data is: First name, Last name, Email address,Telephone number and message. The user is asked as part of the process to consent to the processing of this data. This process is effected on a voluntary basis, but may be a precondition for using our services.

2. Legal basis for the data processing
If the user has given his or her consent, the legal basis for the processing of the data is Art. 6 paragraph 1 sentence1 lit. a GDPR. paragraph 1 sentence1 lit. a GDPR. Legal basis for the processing of the data that is transmitted as part of sending an email is Art. 6 paragraph 1 sentence1 lit. a GDPR. If the intention of the email contact is the conclusion of a contract, the legal basis for the processing is also Art. 6 paragraph 1 sentence1 lit. a GDPR.

3. Purpose of data processing
The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of the storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contract form and the personal data sent by email, this is the case when the conversation with the user has ended. The conversation is deemed to have ended when the circumstances suggest that the subject matter in question has been conclusively clarified.
The personal data additionally collected during the sending process is deleted at the latest seven days afterwards.

5. Right to object and removal
The user can revoke his or her consent to the processing of personal data at any time. If the user establishes contact with us via email, he or she can object to the storage of his or her personal data at any time. The conversation cannot be continued in such a case. You can inform us of your revocation of consent as well as your objection to storage of your personal data by sending an email to contact@falkenberg-muenchen.com. In this case all personal data stored during the establishment of the contact is deleted.

VIII. INSTRUCTION ON THE RIGHTS OF AFFECTED PERSONS

If your personal data are processed, you are the affected person in the meaning of GDPR and you have the following rights against the responsible person. If you would like to assert these rights, please send your request by e-mail or by post with a clear identification of your person to the address stated in section 1.

1. Right to Confirmation and Information
You can demand from the responsible person a confirmation of your personal data processed by us which affect you.
If there is such processing, you can demand information on the following from the responsible person:
1. the purpose for which your personal data is being processed;
2. the categories of personal data being processed;
3. the recipient and/or the categories of recipients to whom the personal data affecting you are being or will be disclosed;
4. the planned storage time for the personal data affecting you or, if concrete details on this are not possible, the criteria for determining the duration of storage;
5. the existence of a right to correction or deletion of the personal data affecting you, a right to restrict the processing by the responsible person or a right to object to this processing;
6. the existence of a right to appeal to a supervisory authority
7. all available information on the origin of the data if the personal data were not collected from the affected person;
8. the existence of automated decision-making, especially profiling, pursuant to Art. 22, Paragraphs 1 and 4 GDPR and – at least in these cases – significant information about the logic involved and the scope and the intended effects of such processing for the affected person.

2. Right of Correction
You have the right to correction and/or completion against the responsible person, if the personal data processed that affect you are incorrect or incomplete. The responsible person must make the correction without delay.

3. Right of Deletion
You can demand the responsible person that the personal data affecting you be deleted without delay and the responsible person is duty bound to delete these data without delay, unless one of the following grounds applies:
1. the personal data affecting you are no longer necessary for the purpose for which they were collected or processed in another way.
2. You withdraw your consent on which the processing under Art. 6, Para. 1, P. 1, lit. a or Art. 9, Para. 2, lit. a, GDPR is based and there is an absence of another legal basis for the processing.
3. Pursuant to Art. 21, Para. 1, GDPR, you appeal against the processing and there are no overriding legitimate grounds for processing or you appeal against the processing under Art. 21, Para. 2, GDPR.
4. The personal data affecting you has been unlawfully processed.
5. The deletion of the personal data affecting you is necessary for fulfilling a legal obligation under Union law or the laws of the member states to which the responsible person is subject.
6. The personal data affecting you were collected regarding the services offered by the information society under Art. 8, Para. 1, GDPR.

4. Right of Restricting the Processing
Under the following prerequisites, you can demand the restricting of the processing of the personal data affecting you:
1. if the correctness of the personal data affecting you has been disputed over a period, which enables the responsible person to check the correctness of the personal data;
2. if the processing is unlawful and you eject deletion of the personal data and instead of this you request the restriction of the use of the personal data;
3. if the responsible person no longer needs the personal data for the purpose of processing, but you need these for asserting, exercising or defending legal rights, or
4. if you have appealed against the processing pursuant to Art. 21, Para. 1, GDPR and has still not been determined whether the legitimate grounds of the responsible person outweigh your grounds.
If the processing of the personal data affecting you is restricted, these data, apart from their storage, may only be processed with your consent or for asserting, exercising or defending legal rights or to protect the rights of another natural person or legal entity or on the grounds of an important public interest of the Union or a member state.
If the restriction of the processing is restricted pursuant to the abovementioned prerequisites, you will be notified by the responsible person before the restriction is lifted.

5. Right of Data Portability
You have the right to receive the personal data affecting you, which you made available to the responsible person, in a structured, accessible and machine-readable format. In addition, you have the right to transfer these data to another responsible person without hindrance by the responsible person to whom the personal data was made available, if
1. the processing was based on consent pursuant to Art. 6, Para. 1, P. 1, lit. a, GDPR or Art. 9, Para. 2, lit. a, GDPR or on a contract pursuant to Art.6, Para. 1, P. 1, lit. b, GDPR and
2. the processing is done with the help of an automated process.
In addition, in exercising this right, you also have the right to obtain the personal data affecting you are transferred direct from a responsible person to another responsible person, if this is technically possible.

6. Right to Object
You have the right to object at any time to the processing of the personal data affecting you ensuing from Art. 6, Para. 1, P. 1, lit. e or f, GDPR, for reasons arising from your own special situation; this also applies to profiling supported by one of these provisions.
We do no longer process the personal data affecting you, unless they can demonstrate compelling, legitimate reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal rights.

7. Right to Revoke the Declaration of Consent under Data Protection Law
You have the right to revoke your declaration of consent under data protection law at any time.

8. Right to Complain to a Supervisory Authority
Regardless of any other administrative or judicial remedy, you have the right to complain to a supervisory authority, especially in the member state of your place of residence, your place of work or the location of the alleged breach, if you are of the view that the processing of the personal data affecting you breaches the GDPR.

IX. DATA SECURITY

We have taken extensive technical and organisational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly checked and revised to take into account technological progress.

To prevent unauthorised access to your personal data, the data transmission process is encrypted by hybrid encryption protocol for the secure data transmission “Secure Socket Layer” (SSL). However, we point out that data transmission over the Internet (for example, when communicating via e-mail) may have security vulnerabilities. A complete protection of the data from access by third parties is not possible.

To safeguard your data, we maintain technical and organizational security measures in accordance with Art. 32 GDPR, which we always adapt to state-of-the-art technology.
We also do not warrant that our offer will be available at specific times. Disturbances, interruptions or failures can not be excluded. The servers we use are regularly backed up carefully.

X. TRANSFER OF DATA TO THIRD PARTIES

Basically, we only use your personal data within our company. We forward personal data only to our business partners and service providers for the implementation of the business purpose. To implement our business purpose we use typical contact and address data of our customer and business partners. We typically receive the personal data direct from the data subject or with the consent of the data subject and also in exceptional cases from third parties. No forwarding of your data to third parties takes place, unless we are legally obliged to do so, or the data transmission is required to perform the contractual relationship or you have previously given your explicit consent to the forwarding of your data. External service providers and partner companies, such as, for example, online payment providers or the shipping company tasked with the delivery, only receive your data insofar as it is necessary for the execution of your order. However, in these cases the extent of the transmitted data is restricted to the minimum required. Insofar as our service providers come into contact with your personal data, we assure that the regulations of the data protection laws are observed in the same manner. Please also observe the data protection notices of the individual providers. The individual service provider is responsible for the contents of third party services, whereby we verify as far as can be reasonably expected that the services observe statutory requirements. Data will not be transmitted to agencies or persons outside the EU outside the cases mentioned in this declaration in paragraph 2.