subheading

privacy policy

Privacy Policy

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. Detailed information on the topic of data protection can be found in our privacy policy listed below this text.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section "Notice Regarding the Responsible Entity" of this privacy policy.

How do we collect your data?

Some of your data is collected when you provide it to us. This could, for example, be data that you enter in a contact form.

Other data is collected automatically or after your consent by our IT systems when you visit the website. These are mainly technical data (e.g., browser, operating system, or time of page access). This data is collected automatically as soon as you access this website.

What do we use your data for?

Part of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data is also processed for contract offers, orders, or other enquiries.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the responsible supervisory authority.

You can contact us at any time with regard to these and other questions on the subject of data protection.

Analytics Tools and Third-Party Tools

Your browsing behavior may be statistically evaluated when you visit this website. This happens mainly with so-called analytics programs.

Detailed information about these analytics programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider:

Shopify

The provider is Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter “Shopify”).

Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address as well as information about your device and browser. Shopify also analyzes visitor numbers, visitor sources, customer behavior, and creates user statistics. If you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment information, and other data associated with the purchase (e.g., phone number, amount of purchases, etc.). For analytics, Shopify saves cookies in your browser.

Details can be found in Shopify’s privacy policy: https://www.shopify.de/legal/datenschutz.

The use of Shopify is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring that our website is as reliable as possible. Where corresponding consent has been requested, processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TDDDG, to the extent the consent covers storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by the TDDDG. Consent can be revoked at any time.

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this service processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various pieces of personal data are collected. Personal data is data by which you can be personally identified. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.

We point out that data transmission over the Internet (e.g., when communicating by email) can have security vulnerabilities. Complete protection of data from access by third parties is not possible.

Notice Regarding the Responsible Entity

The entity responsible for data processing on this website is:

BAUFIX GmbH

Bernhard-Remmers-Str. 13

49624 Löningen

Germany

Phone: 05432 83 9410

Email: info@baufix-online.de

The responsible entity is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Storage Period

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons cease to apply.

General Information on the Legal Basis for Data Processing on This Website

If you have consented to data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR if special categories of data are processed as per Art. 9(1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), processing is also based on § 25(1) TDDDG. Consent can be revoked at any time. If your data is needed to fulfill a contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. We also process your data if this is necessary to fulfill a legal obligation, based on Art. 6(1)(c) GDPR. Data processing may further be based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. The relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

Data Protection Officer

We have appointed a data protection officer.

Oliver Stutz

Bernhard-Remmers-Str. 13

49624 Löningen

Germany

Phone: 05432 83 9410

Email: info@baufix-online.de

Note on Data Transfers to Third Countries Not Considered Safe under Data Protection Law and on Transfers to US Companies Not Certified under the DPF

Among other things, we use tools from companies based in third countries that are not considered secure under data protection law as well as US-based tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to and processed in these countries. Please note that in such countries, an EU-comparable level of data protection may not be guaranteed.

We point out that the USA is generally regarded as a safe third country, offering a data protection level comparable to the EU. Transfers to the USA are therefore permitted if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has suitable additional safeguards. Information on transfers to third countries including recipients of data can be found in this privacy policy.

Recipients of Personal Data

In the course of our business activities, we cooperate with various external parties. This may also involve the transfer of personal data to these external parties. We only transfer personal data to external parties when necessary for the fulfillment of a contract, when we are legally obliged to do so (e.g., transfer of data to tax authorities), when we have a legitimate interest under Art. 6(1)(f) GDPR in doing so, or when another legal basis permits the transfer of data. When using processors, we only transfer personal data of our customers on the basis of a valid data processing agreement. In the case of joint processing, a joint processing contract is concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time. The lawfulness of data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT, AT ANY TIME AND FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING, TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

If there are breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work, or the place of the alleged infringement. The right of appeal exists without prejudice to any other administrative or judicial remedies.

Right to Data Portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done as far as it is technically feasible.

Right to Information, Correction, and Deletion

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient, and the purpose of data processing, and, if applicable, a right to correction or deletion of this data. You can contact us at any time for this as well as for any further questions on the subject of personal data.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time regarding this. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored with us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of deletion.

If we no longer need your personal data, but you need it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.

If you have filed an objection under Art. 21(1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data—apart from its storage—may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest in the European Union or a member state.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the change in the address line of the browser from “http://” to “https://” and by the lock symbol in your browser’s address bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted Payment Transactions on This Website

If there is an obligation to transmit your payment data to us (e.g., account number when authorizing direct debit) after the conclusion of a paid contract, this data is required for payment processing.

Payment transactions via common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the change in the address line of your browser from “http://” to “https://” and by the lock symbol in your browser’s address bar.

With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

Objection to Promotional Emails

The use of contact data published as part of the legal notice obligation to send unsolicited advertising and information materials is hereby rejected. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.

4. Data Collection on This Website

Cookies

Our internet pages use what are known as “cookies.” Cookies are small data packages that do not damage your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.

Cookies can be set by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g., cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies required for carrying out the electronic communication process, providing certain functions you desire (e.g., for the shopping cart function), or optimizing the website (e.g., cookies for measuring the web audience) (necessary cookies), are stored based on Art. 6(1)(f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies was requested, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and § 25(1) TDDDG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Which cookies and services are used on this website can be found in this privacy policy.

GDPR Legal Cookie by Shopify

Our website uses GDPR Legal Cookie by Shopify to obtain your consent for storing certain cookies on your device or for using certain technologies and to document this in compliance with data protection regulations. The provider of this technology is beeclever GmbH, Friedrich-Mohr-Straße 1, 56070 Koblenz (hereinafter “beeclever”).

When you enter our website, a connection to the servers of beeclever is established. In this way, beeclever receives personal data such as the browser used, the IP address, and a timestamp. A cookie is then stored in your browser to assign the granted consents or their withdrawal. The data collected in this way is stored until you ask us to delete it, delete the cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. For details, see: https://apps.shopify.com/gdpr-legal-cookie.

The use of GDPR Legal Cookie by Shopify is carried out to obtain the legally required consents for the use of cookies. The legal basis is Art. 6(1)(c) GDPR.

Data Processing Agreement

We have concluded a data processing agreement (DPA) for use of the above-mentioned service. This is a contract required by data protection law, which ensures that this service processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and version

Operating system used

Referrer URL

Hostname of the accessing computer

Time of the server request

IP address

This data is not merged with other data sources.

Data is collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website—for this, the server log files must be collected.

Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory statutory provisions—in particular retention periods—remain unaffected.

Inquiry by Email, Telephone or Fax

If you contact us by email, telephone or fax, your inquiry, including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR, if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; consent can be revoked at any time.

The data you send to us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after processing your request). Mandatory statutory provisions—in particular statutory retention periods—remain unaffected.

Registration on This Website

You can register on this website to use additional features on the site. We use the data entered for this purpose only to use the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

For important changes such as the scope of the offer or technically necessary changes, we will use the email address provided during registration to inform you in this way.

The processing of the data entered during registration is for the purpose of carrying out the user relationship established by registration and, if necessary, to initiate further contracts (Art. 6(1)(b) GDPR).

The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected.

5. Social Media

Pinterest

This website uses elements of the social network Pinterest, operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

If you access a page containing such an element, your browser establishes a direct connection to the Pinterest servers. This social media element transmits log data to the Pinterest server in the USA. These log data may include your IP address, the addresses of websites you visit that also contain Pinterest features, the type and settings of your browser, the date and time of the request, your usage of Pinterest, and cookies.

The use of this service is based on your consent according to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

For more information on the purpose, scope, further processing, and use of data by Pinterest as well as your rights and ways to protect your privacy, see Pinterest's privacy information: https://policy.pinterest.com/de/privacy-policy.

6. eCommerce and Payment Providers

Processing Customer and Contract Data

We collect, process, and use personal customer and contract data to establish, define the content of, and amend our contractual relationships. We only collect, process, and use personal data regarding the use of this website (usage data) to the extent necessary to enable the user to use the service or to bill for it. The legal basis for this is Art. 6(1)(b) GDPR.

The collected client data will be deleted after completion of the order or termination of the business relationship and expiry of any statutory retention periods. Statutory retention periods remain unaffected.

Data Transfer upon Entering into Contracts for Online Shops, Retailers, and Shipment of Goods

If you order goods from us, we will pass on your personal data to the shipping company entrusted with delivery as well as to the payment service provider responsible for processing the payment. Only the data required by the respective service provider to fulfill its task will be provided. The legal basis for this is Art. 6(1)(b) GDPR, which permits data processing for the performance of a contract or pre-contractual measures. If you have given your express consent pursuant to Art. 6(1)(a) GDPR, we will transmit your email address to the shipping company so that it can inform you about the delivery status of your order; you can revoke your consent at any time.

Data Transfer upon Entering into Contracts for Services and Digital Content

We only transfer personal data to third parties if this is necessary in the context of contract processing; for example, to the credit institution commissioned with payment processing.

No further transfer of the data takes place or only if you have expressly consented to the transfer. Your data is not passed on to third parties without your express consent, for example for advertising purposes.

The basis for the data processing is Art. 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Payment Services

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g., name, payment amount, account information, credit card number) will be processed by the payment service provider for the purpose of processing payments. For these transactions, the respective terms and privacy policies of the providers apply. The use of payment service providers is based on Art. 6(1)(b) GDPR (contract performance) as well as our interest in a smooth, convenient, and secure payment process (Art. 6(1)(f) GDPR). If your consent is requested for certain actions, Art. 6(1)(a) GDPR forms the legal basis for processing; consent can be revoked at any time for the future.

We use the following payment services/providers as part of this website:

PayPal

This payment service is provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

For details, see PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Apple Pay

The payment service is provided by Apple Inc., Infinite Loop, Cupertino, CA 95014, USA. Apple’s privacy policy can be found at: https://www.apple.com/legal/privacy/de-ww/.

Google Pay

Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google’s privacy policy can be found here: https://policies.google.com/privacy.

Stripe

The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation.

For details, see Stripe’s privacy policy at the following link: https://stripe.com/de/privacy.

Klarna

Provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). Klarna offers various payment options (e.g., installment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna checkout solution. Details about Klarna cookies can be found at the following link: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.

For details, please see Klarna’s privacy policy at the following link: https://www.klarna.com/de/datenschutz/.

Shopify Payment

This payment service provider in the EU is Shopify International Limited, 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter “Shopify Payment”).

For details, see Shopify Payment’s privacy policy: https://www.shopify.de/legal/datenschutz.

Mastercard

This payment service is provided by Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).

Mastercard may transfer data to its parent company in the USA. Data transfer to the USA is based on Mastercard’s binding corporate rules. Details can be found here: https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

VISA

This payment service is provided by Visa Europe Services Inc., UK Branch, 1 Sheldon Square, London W2 6TT, Great Britain (hereinafter “VISA”).

Great Britain is considered a country with a level of data protection equivalent to that of the European Union.

VISA may transfer data to its parent company in the USA. Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zu-zustandigkeitsfragen-fur-den-ewr.html.

Further information can be found in VISA’s privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

7. Competitions

If we offer the opportunity to participate in competitions via our website and/or social media channels, personal data will usually be processed in connection with participation in the respective competition. The specific personal data processed is specified in the participation terms of the respective competition.
We process these required data in order to conduct the competition and to determine and notify the winner(s). Where applicable, data collected will be retained in participating systems for the duration of the competition, so as to prevent unauthorized or multiple entries. In the event of a win, the personal data collected is generally used to request additional information for claiming the prize (usually name and address). We need these data in order to send the prize in the event of a win and to verify identity and/or for documentation of the declaration of acceptance or, in the case of a legal violation, to enforce our rights. If we do not collect the data mentioned, participation in the competition or contacting regarding a win notification is not possible. The legal basis for the processing of personal data necessary for participation in the respective competition is, with regard to participants, contract fulfillment (Art. 6 para. 1 sentence 1 lit. b GDPR). Should additional voluntary participant data be requested, the legal basis is consent (Art. 6 para. 1 sentence 1 lit. a GDPR), which can be revoked at any time by sending an email to kundenservice@baufix-online.de.
If the personal data of third parties is requested in connection with competitions, our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) is the legal basis for processing. Depending on the competition, this may, for example, be for the purpose of announcing the company. In respect of processing taking place under Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object at any time. Please contact kundenservice@baufix-online.de to do so.
In the event of a win, we reserve the right to ask the winners for permission to publish their names on our website and/or social media. The legal basis in this case is consent (Art. 6 para. 1 sentence 1 lit. a GDPR), which can be revoked at any time by sending an email to kundenservice@baufix-online.de.
We also analyze competition results to measure the efficiency and relevance of the campaign. We establish the success of a competition to continuously improve our marketing activities and to plan new initiatives. The legal basis for this processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in measuring the success of our competition. In respect of processing under Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object at any time. Please contact kundenservice@baufix-online.de to do so.
As a rule, in connection with competitions, we use additional service providers to process personal data, e.g., to send email notifications or store data. All processors involved in the processing of personal data have been carefully selected, strictly adhere to BAUFIX’s instructions, and only have access to personal data to the extent necessary and for the required time period. In the event of a win, we also transfer necessary personal data of winners to service providers supporting the shipping process (e.g., DHL, DPD). Other than that, data is not transferred to third parties, unless the transfer is required for conducting the competition and there is a legal basis for such transfer.
We generally process and store personal data only as long as it is necessary for the purpose for which it was collected. We therefore delete data after the competition ends, unless further storage is required for the fulfillment of legal (commercial and tax) retention obligations. Such retention periods may arise from the Commercial Code (HGB) and the Tax Code (AO) and are generally six or eight years. If you have won, we store data for at least the duration of statutory limitation periods, which is usually three years, to allow any warranty claims to be verified. Data storage after the competition ends is then based on a legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with the relevant legal provision).
Please note that, in the case of competitions held on social media, any posts required for participation will not be deleted by us after the competition ends. However, you can delete them yourself on the respective platform at any time.