This data protection declaration informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within the scope of the provision of our services as well as within our online offer and the websites, functions and contents connected with it as well as external online presences, such as our social media profiles (hereinafter jointly referred to as “online offer”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (DSGVO).
Person responsible
Siegel, Florian
Castellstr. 46
90451 Nuremberg
Germany
E-mail address: info@timbertime.de
Link to imprint: https://timbertime.uk/imprint/
Types of data processed
- Inventory data (e.g., personal master data, names or addresses).
- Contact data (e.g., e-mail, telephone numbers).
- Content data (e.g., text entries, photographs, videos).
- Usage data (e.g., web pages visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Categories of Data Subjects
Communication partners, visitors and users of the online offer (hereinafter we also refer to the data subjects collectively as “users”).
Purpose of the processing
Provision of the online offer, its functions and contents.
Responding to contact requests and communicating with users.
Security measures.
Reach measurement/marketing
Direct marketing (e.g. by e-mail).Terminology used
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
“pseudonymisation” means the processing of personal data in such a way that personal data can no longer be related to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Relevant legal basis
In accordance with Art. 13 DSGVO, we inform you of the legal basis for our data processing. For users from the area of application of the General Data Protection Regulation (DSGVO), i.e. the EU and the EEC, the following applies if the legal basis is not stated in the data protection declaration:
The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO;
The legal basis for processing for the fulfilment of our services and implementation of contractual measures as well as answering enquiries is Art. 6 (1) lit. b DSGVO;
The legal basis for processing for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c DSGVO;
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) lit. d DSGVO serves as the legal basis.
The legal basis for the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Art. 6(1)(e) DSGVO.
The legal basis for processing to protect our legitimate interests is Art. 6 (1) lit. f DSGVO.
The processing of data for purposes other than those for which they were collected is determined by the requirements of Art. 6 (4) DSGVO.
The processing of special categories of data (in accordance with Art. 9 (1) DSGVO) is determined in accordance with the requirements of Art. 9 (2) DSGVO.
Security measures
We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects’ rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account in the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.
Cooperation with processors, joint controllers and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors, joint controllers or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the performance of the contract), users have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we disclose or transfer data to other companies in our group of companies or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and, in addition, on a basis that complies with the legal requirements.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or do so in the context of using third-party services or disclosing or transferring data to other persons or companies, this will only be done if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to explicit consent or contractually required transfer, we only process or allow data to be processed in third countries with a recognised level of data protection, which includes US processors certified under the “Privacy Shield” or on the basis of special guarantees, such as contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 DSGVO, information page of the EU Commission).
Rights of data subjects
You have the right to request confirmation as to whether data in question is being processed and to information about this data as well as further information and a copy of the data in accordance with the legal requirements.
You have the right, in accordance with the law, to request that data concerning you be completed or that inaccurate data concerning you be corrected.
You have the right, in accordance with the law, to request that data concerning you be deleted immediately or, alternatively, to request restriction of the processing of the data in accordance with the law.
You have the right to demand that the data concerning you that you have provided to us be received in accordance with the legal requirements and to demand that it be transferred to other persons responsible.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with the law.
Right of withdrawal
You have the right to revoke any consent you have given with effect for the future.
Right of objection
You may object to the future processing of data relating to you at any time in accordance with the legal requirements. In particular, you may object to processing for direct marketing purposes.
Cookies and the right to object to direct advertising
Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his or her browser. In such a cookie, for example, the contents of a shopping basket in an online shop or a login status can be stored. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be stored if users visit them after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes. Third-party cookies” are cookies that are offered by providers other than the responsible party that operates the online offer (otherwise, if they are only its cookies, they are referred to as “first-party cookies”).
We may use temporary and permanent cookies and will explain this in our privacy policy.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
Deletion of Data
The data processed by us will be deleted or restricted in its processing in accordance with legal requirements. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.
If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
Changes and updates to the data protection declaration
We ask you to inform yourself regularly about the content of our data protection declaration. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
Use of Google Analytics
We use Google Analytics to analyse website usage. The data obtained from this is used to optimise our website and advertising measures.
Google Analytics is a web analytics service provided by Google, Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States). Google processes website usage data on our behalf and is contractually obligated to take measures to ensure the confidentiality of the processed data.
During your visit to the website, the following data is recorded, among others:
- Pages viewed - The achievement of "website goals" (e.g. contact requests and newsletter sign-ups) - Your behaviour on the pages (for example, clicks, scrolling behaviour and length of stay) - Your approximate location (country and city) - Your IP address (in shortened form, so that no clear allocation is possible) - Technical information such as browser, internet provider, terminal device and screen resolution - Source of origin of your visit (i.e. via which website or advertising material you came to us)
This data is transferred to a Google server in the USA. Google complies with the data protection provisions of the “EU-US Privacy Shield” agreement.
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognise you on future visits to the website.
The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely.
If you do not agree with the collection, you can prevent it by installing the browser add-on to deactivate Google Analytics once.
[ga-optout text=”Deactivate Google Analytics”]
Use of Google reCAPTCHA
We use the Google service reCaptcha to determine whether a human or a computer makes a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the terminal device used, the website you visit with us on which the captcha is embedded, the date and duration of the visit, the recognition data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images. The legal basis for the data processing described is Art. 6 (1) lit. f of the General Data Protection Regulation. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated entries (attacks).
Promotional communication via e-mail, post, fax or telephone
We process personal data for the purposes of promotional communication, which may take place via various channels, such as e-mail, telephone, post or fax, in accordance with legal requirements.
Recipients have the right to revoke consent given at any time or to object to promotional communication at any time.
After revocation or objection, we may store the data required to prove consent for up to three years based on our legitimate interests before deleting it. The processing of this data is limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.
- Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers).
- Data subjects: Communication partners.
- Purposes of processing: direct marketing (e.g. by e-mail or post).
- Legal basis: Consent (GDPR), Legitimate interests (GDPR).Participation in affiliate partner programmes
Within our online offer, we use industry-standard tracking measures on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer) pursuant to Art. 6 para. 1 lit. f DSGVO, insofar as these are necessary for the operation of the affiliate system. In the following, we explain the technical background to users.
The services offered by our contractual partners may also be advertised and linked on other websites (so-called affiliate links or after-buy systems, if, for example, links or services of third parties are offered after a contract has been concluded). The operators of the respective websites receive a commission if users follow the affiliate links and subsequently take advantage of the offers.
In summary, it is necessary for our online offer that we can track whether users who are interested in affiliate links and/or the offers available on our website subsequently take up the offers at the instigation of the affiliate links or our online platform. For this purpose, the affiliate links and our offers are supplemented by certain values, which may be part of the link or otherwise set, e.g. in a cookie. The values include in particular the source website (referrer), time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user, as well as tracking-specific values such as e.g. advertising material ID, partner ID and categorisations.
The online identifiers of the users used by us are pseudonymous values. This means that the online identifiers themselves do not contain any personal data such as names or email addresses. They only help us to determine whether the same user who clicked on an affiliate link or became interested in an offer via our online offer has taken advantage of the offer, i.e. e.g. concluded a contract with the provider. However, the online ID is personal to the extent that the partner company and also we have the online ID together with other user data. Only in this way can the partner company inform us whether the user has taken up the offer and we can pay out the bonus, for example.
Amazon affiliate programme
As an Amazon Associate I earn from qualifying purchases. The price for the visitor does not change as a result.
We are participants in the partner programme on the basis of our legitimate interests (i.e. interest in the economic operation of our online offer within the meaning of GDPR), we are participants in the Amazon EU affiliate programme, which is designed to provide a means for websites to earn advertising fees by placing advertisements and links to Amazon.de (so-called affiliate system). I.e. as an Amazon partner we earn from qualified purchases.
Amazon uses cookies to track the origin of orders. Among other things, Amazon can recognise that you have clicked on the affiliate link on this website and subsequently purchased a product from Amazon.
You can find more information about Amazon’s use of data and ways to object in the company’s data protection declaration: https://www.amazon.de/gp/help/customer/display.html?nodeId=201909010.
Note: Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or one of its affiliates.
eBay Partner Network
eBay Partner Program (eBay Partner Network) We participate in the partner program of eBay Partner Network, Inc, 2145 Hamilton Ave, San Jose, CA 95125, USA (hereinafter “EPN”). In this context, we have placed advertisements on our website as links that lead to offers on various eBay websites. EPN uses cookies, which are small text files that are stored on your terminal device to track the origin of clicks, orders, etc. generated via such links. Among other things, EPN can recognise that you have clicked on the partner link on this website. This information is required for payment processing between us and eBay. Insofar as the information also contains personal data, the described processing is carried out on the basis of our legitimate financial interest in processing commission payments with eBay in accordance with Art. 6 Para. 1 lit. f DSGVO.
For more information on the use of data by EPN, please refer to the company’s privacy policy: https://partnernetwork.ebay.com/de/legal#privacy-policy.
If you wish to block the evaluation of user behaviour via cookies, you can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.
dieholzmanufaktur24.de Affiliate Program
As a dieholzmanufaktur24.de affiliate I earn money on qualified sales. The price for the visitor does not change.
We participate in the partner programme of dieholzmanufaktur24.de (Nils & Kristof Meesenburg GmbH, Hasenkamp 40, 25482 Appen, hereinafter “dieholzmanufaktur24.de”). In this context, we have placed advertisements on our website as links that lead to offers on various dieholzmanufaktur24.de pages. dieholzmanufaktur24.de uses cookies. These are small text files which are stored on your end device in order to be able to trace the origin of clicks, orders etc. generated via such links. Among other things,holzmanufaktur24.de can recognise that you have clicked on the partner link on this website. This information is required for payment processing between us and dieholzmanufaktur24.de. If the information also contains personal data, the described processing is based on our legitimate financial interest in processing commission payments with dieholzmanufaktur24.de in accordance with Art. 6 Para. 1 lit. f DSGVO.
For further information on the use of data by dieholzmanufaktur24.de and objection options, please refer to the company’s privacy policy: https://dieholzmanufaktur24.de/Datenschutzerklaerung.
contorion.de Partner Programme
As a contorion.de partner I earn on qualified sales. The price for the visitor does not change.
We participate in the partner programme of contorion.de (Contorion GmbH, Friedrichstraße 224, 10969 Berlin, hereinafter “contorion.de”). In this context, we have placed advertisements on our website as links that lead to offers on various contorion.de pages. Contorion.de uses cookies. These are small text files which are stored on your end device in order to be able to trace the origin of clicks, orders etc. generated via such links. Among other things, contorion.de can recognise that you have clicked on the partner link on this website. This information is required for payment processing between us and contorion.de. If the information also contains personal data, the described processing is based on our legitimate financial interest in processing commission payments with contorion.de in accordance with Art. 6 (1) lit. f DSGVO.
Further information on the use of data by contorion.de and objection options can be found in the company’s data protection declaration: https://www.contorion.de/datenschutz.
Banggood affiliate programme
Some of the links on this website refer to the Banggood partner programme of the provider Banggood Technology Co.,Limited, Room 38, 11/F, Meeco Industrial Building, 53-55 Au Pui Wan Street, Fotan, Shatin, N.T., Hong Kong, China. The links are used to generate an advertising fee (“affiliate system”) for the financing of the website and contributions; as the operator, I have a legitimate interest in this (Art. 6 DSGVO). Banggood uses cookies, if you have allowed it in your browser, in order to be able to trace the origin of the orders. Among other things, the provider can recognise that you have clicked on the partner link on this website and subsequently purchased a product from a shop there. Links to Banggood are clearly recognisable on my website.
You can find more information on the use of data by Banggood and the possibility to object in the company’s data protection declaration: https://www.banggood.com/Privacy-Policy_hl34.
Affiliate links/advertising links
The links marked with an asterisk () are so-called affiliate links. If you click on such an affiliate link and make a purchase via this link, I will receive a commission from the online shop or provider concerned. The price does not change for you. Links marked with an asterisk () may also be advertising links for which I receive a fee.
Comments and contributions
When users leave comments or other contributions, their IP addresses may be stored for 7 days on the basis of our legitimate interests as defined in Art. 6 (1) lit. f. DSGVO are stored for 7 days. This is done for our security in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.
Furthermore, we reserve the right, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO, to process the user’s details for the purpose of spam detection.
On the same legal basis, we reserve the right to store the IP addresses of users for the duration of surveys and to use cookies in order to avoid multiple voting.
The personal information provided in the context of comments and contributions, any contact and website information as well as the content-related information will be permanently stored by us until the user objects.
Retrieval of emojis and smilies
Within our WordPress blog, graphic emojis (or smilies), i.e. small graphic files that express emotions, are used that are obtained from external servers. The providers of the servers collect the IP addresses of the users. This is necessary so that the emoji files can be transmitted to the users’ browsers. The Emojie service is provided by Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. Automattic’s privacy policy: https://automattic.com/privacy/. The server domains used are s.w.org and twemoji.maxcdn.com. As far as we know, these are so-called content delivery networks, i.e. servers that only serve to transmit files quickly and securely, and the users’ personal data is deleted after transmission.
The use of emojis is based on our legitimate interests, i.e. interest in an attractive design of our online offer pursuant to Art. 6 para. 1 lit. f. DSGVO.
Contacting
When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user’s details are used to process the contact enquiry and handle it in accordance with Art. 6 para. 1 lit. b. DSVO. (in the context of contractual/pre-contractual relations), Art. 6 para. 1 lit. f. (other enquiries) DSGVO. The user’s details may be stored in a customer relationship management system (“CRM system”) or comparable enquiry organisation.
We delete the enquiries if they are no longer necessary. We review the necessity every two years; furthermore, the legal archiving obligations apply.
Hosting and e-mail dispatch
The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services, which we use for the purpose of operating this online offer.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO (conclusion of a contract). Art. 28 DSGVO (conclusion of order processing contract).
Collection of access data and log files
We, or our hosting provider, collect data on every access to our website on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. DSGVO, we or our hosting provider collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
Online presence in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there.
We would like to point out that user data may be processed outside the European Union. This may result in risks for the users, because it could, for example, make it more difficult to enforce the rights of the users. With regard to US providers certified under the Privacy Shield, we point out that they thereby undertake to comply with the data protection standards of the EU.
Furthermore, user data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behaviour and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behaviour and the interests of the users are stored. Furthermore, data may also be stored in the usage profiles irrespective of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
The processing of the users’ personal data is based on our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6 para. 1 lit. f. DSGVO. If the users are asked by the respective providers of the platforms for consent to the aforementioned data processing, the legal basis of the processing is Art. 6 para. 1 lit. a., Art. 7 DSGVO.
For a detailed description of the respective processing and the opt-out options, please refer to the information of the providers linked below.
In the case of requests for information and the assertion of user rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
- Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) – Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/ Opt-Out: http://instagram.com/about/legal/privacy/.
This always assumes that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the display of this content. We endeavour to use only such content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, as well as being linked to such information from other sources.
Google Fonts
We integrate the fonts (“Google Fonts”) of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. According to Google, user data is used solely for the purpose of displaying the fonts in the user’s browser. The integration is based on our legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their uniform display and consideration of possible licensing restrictions for their integration. Privacy policy: https://www.google.com/policies/privacy/.
Within our online offer, functions and contents of the service Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content of this online offer within Instagram. If the users are members of the Instagram platform, Instagram can assign the call-up of the above-mentioned content and functions to the users’ profiles there. Instagram privacy policy: http://instagram.com/about/legal/privacy/. Created with Datenschutz-Generator.de by RA Dr. Thomas Schwenke