top of page

Data protection

Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide the data will have no consequences. This only applies as long as no other information is provided in the subsequent processing operations.
“Personal data” refers to all information relating to an identified or identifiable natural person.

Server Log Files

You can visit our website without providing any personal information.
Each time you access our website, usage data is transmitted to us or our web hosting provider / IT service provider by your internet browser and stored in log data (so-called server log files). This stored data includes, for example, the name of the accessed page, date and time of access, IP address, amount of data transferred, and the requesting provider.
Processing is carried out on the basis of Art. 6(1)(f) GDPR out of our overriding legitimate interest in ensuring the trouble-free operation of our website and improving our services.

Your data may be transferred to third countries outside the European Union for which an adequacy decision by the EU Commission exists.

Contact

Controller

You may contact us if you wish. The controller for data processing is:
Marc Föhre, Schmiedestraße 1, 51709 Marienheide, Germany
Phone: +49 2264 6730
Email: info@os-sattlerei.de

Customer-Initiated Contact by Email

If you contact us on your own initiative via email, we will collect your personal data (name, email address, message content) only to the extent provided by you. The data processing serves the purpose of handling and responding to your contact request.
If the contact serves to carry out pre-contractual measures (e.g. advice in the event of purchase interest, preparation of an offer) or relates to an existing contract between you and us, processing is based on Art. 6(1)(b) GDPR.
If the contact occurs for other reasons, processing is based on Art. 6(1)(f) GDPR from our overriding legitimate interest in handling and responding to your inquiry. You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you based on Art. 6(1)(f) GDPR.
Your email address will be used solely to process your request. Your data will then be deleted in compliance with statutory retention periods unless you have consented to further processing and use.

Data Collection and Processing via Contact Form

When you use our contact form, we collect your personal data (name, email address, message) only to the extent provided by you. The data processing serves the purpose of contacting you.
Processing is based on Art. 6(1)(b) GDPR if your contact relates to pre-contractual steps or a contract. Otherwise, it is based on Art. 6(1)(f) GDPR from our legitimate interest in responding to your request. You have the right to object at any time, for reasons arising from your particular situation.
Your email address will only be used for responding to your inquiry. Your data will then be deleted unless you have consented to further processing.

(Translation continues in next message due to length)

(continued)

Use of WeTransfer

We use the WeTransfer service provided by WeTransfer B.V. (Willem Fenengastraat 19, 1096 BL Amsterdam, Netherlands; “WeTransfer”) to send files up to 2 GB upon your request.
This serves the purpose of transmitting large files in high quality. For this, we pass your email address and the file to be transferred to WeTransfer. WeTransfer generates a download link, which is sent to you and us via email. Files are encrypted during transmission and storage, and can only be accessed via the download link.
Your personal data may be transferred to WeTransfer servers in the USA and temporarily stored there (partially unencrypted). The USA is subject to an adequacy decision by the EU Commission under the Trans-Atlantic Data Privacy Framework (TADPF). WeTransfer is not certified under the TADPF. The transfer of data is also based on standard contractual clauses as appropriate safeguards. You can view them at:
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
Processing is based on Art. 6(1)(a) GDPR with your consent. You may revoke your consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.
Further information on WeTransfer’s privacy practices is available at: https://wetransfer.com/legal/privacy

Orders

Collection, Processing, and Sharing of Personal Data in Orders

When placing an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and to handle your inquiries. The provision of data is necessary for the conclusion of the contract. Failure to provide it will result in no contract being concluded.
Processing is based on Art. 6(1)(b) GDPR and is necessary for the performance of a contract with you.
Your data may be shared, for example, with shipping companies, dropshipping providers, payment service providers, order fulfillment service providers, and IT service providers. We strictly observe legal requirements. The scope of data transmission is limited to a minimum.

Your data may be transferred to third countries for which an adequacy decision by the EU Commission exists.

Payment Service Providers

Use of PayPal Checkout

We use the PayPal Checkout payment service from PayPal (Europe) S.à.r.l. et Cie, S.C.A., (22-24 Boulevard Royal, L-2449 Luxembourg; “PayPal”). This enables you to use various payment methods. When you select and use a payment method via PayPal, the data required for payment processing is transmitted to PayPal. This processing is based on Art. 6(1)(b) GDPR.

Cookies may be stored for browser recognition. This is based on Art. 6(1)(f) GDPR from our legitimate interest in offering a customer-friendly payment process. You may object at any time.

Credit Card, Direct Debit & “Pay Later” via PayPal

For certain payment methods, PayPal reserves the right to conduct a credit check using credit agencies. The results may include probability values (scores) based on scientifically recognized mathematical-statistical procedures. Processing is based on Art. 6(1)(f) GDPR due to our interest in protection against payment defaults when PayPal provides upfront services.

You have the right to object at any time. Data provision is necessary for the use of the selected payment method. Failure to provide it may result in the contract not being fulfilled.

Third-Party Providers via PayPal

When using a third-party payment method, PayPal may transmit the necessary data to that provider. Processing is based on Art. 6(1)(b) GDPR. Possible providers include:

  • Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)

  • giropay (Paydirekt GmbH, Stephanstr. 14–16, 60313 Frankfurt am Main)

Invoice Purchase via PayPal

When selecting invoice payment, PayPal transmits data to Ratepay GmbH (Franklinstraße 28–29, 10587 Berlin) to fulfill the contract. Ratepay may carry out a credit check (see above). Processing is based on Art. 6(1)(f) GDPR.
More information:
https://www.ratepay.com/legal-payment-dataprivacy/
https://www.ratepay.com/legal-payment-creditagencies/

For more on PayPal’s privacy practices:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

(continued in next message)

(continued)

Cookies

Our website uses cookies. Cookies are small text files that are stored by the internet browser or on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive string that allows for the browser to be recognized upon a return visit.

Cookies are stored on your device, so you have full control over their use. You can be notified before cookies are set and decide on their acceptance, as well as prevent the storage of cookies and the transmission of the contained data by adjusting your browser settings. Previously stored cookies can be deleted at any time. Please note that some website functionalities may not be fully available if you disable cookies.

You can find instructions on managing cookies in the most common browsers here:

Technically Necessary Cookies

Unless otherwise stated in this privacy policy, we only use technically necessary cookies. These make our website more user-friendly, efficient, and secure. Some website features would not be available without cookies. These cookies allow the site to recognize your browser even after switching pages.

The use of cookies or similar technologies is based on § 25(2) TTDSG. The processing of personal data is based on Art. 6(1)(f) GDPR, from our legitimate interest in ensuring optimal website functionality and a user-friendly experience.
You have the right to object to the processing at any time based on reasons arising from your specific situation.

Analytics

Use of Google Analytics 4

We use the Google Analytics web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). The purpose is to analyze website usage and visitors for marketing and advertising purposes. Google will use this information to evaluate website usage, compile reports, and provide other services related to website and internet usage. Data collected may include: IP address, time and date of access, click path, browser and device information, pages visited, referrer URL, location data, and purchase activities. Google may link your data with search history, accounts, device usage, and other known data.

Your IP address is anonymized on our own servers before being passed to Google. Only pseudonymized data is sent.

Google uses cookies, browser storage, and tracking pixels for analysis. Use of such technologies is based on your consent under § 25(1) TTDSG in conjunction with Art. 6(1)(a) GDPR.
You may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.

Data is typically transferred to Google servers in the USA. Google is certified under the Trans-Atlantic Data Privacy Framework (TADPF) and thus commits to European data protection standards. Both Google and U.S. government agencies may access your data.

More information on Google’s privacy and terms:
https://policies.google.com/technologies/partner-sites
https://policies.google.com/privacy

(continued in next message)

(continued)

Plugins and Other Tools

Use of Google Fonts

We use Google Fonts from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website.
This processing serves the purpose of providing a uniform display of fonts. When you visit the site, your browser connects to Google’s servers to load the fonts. Cookies may be used. Your IP address and browser information are processed and transmitted to Google. These data are not linked to your Google account.

Your data may be transferred to the USA. Google is certified under the Trans-Atlantic Data Privacy Framework (TADPF), ensuring compliance with European data protection principles.
The use of cookies or similar technologies is based on your consent pursuant to § 25(1) TTDSG in conjunction with Art. 6(1)(a) GDPR.
You may withdraw your consent at any time. This does not affect the lawfulness of processing prior to withdrawal.

More information:
https://www.google.com/policies/privacy/
https://developers.google.com/fonts/faq

Use of Adobe Fonts

We use Adobe Fonts provided by Adobe Systems Software Ireland Limited (4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland).
This enables a consistent display of fonts. When a page is loaded, your browser connects to Adobe’s servers to download the fonts. Cookies may be used. Your IP address and browser and OS information may be processed and transmitted to Adobe.

Your data may be transferred to countries such as the USA or India. The USA is subject to an adequacy decision (TADPF); Adobe is certified under this framework. No such decision exists for India.
The use of cookies or similar technologies is based on your consent (§ 25(1) TTDSG in conjunction with Art. 6(1)(a) GDPR). You may revoke your consent at any time.

More info:
https://www.adobe.com/privacy/policy.html
https://www.adobe.com/privacy/policies/adobe-fonts.html

Use of Google Translate

We integrate the translation service of Google Ireland Limited via API on our website.
This allows for automatic translation of website content into other languages. Your browser connects to Google servers for this purpose. Cookies may be used. Collected data may include: IP address, URL of the accessed page, date, and time.

Your data may be transmitted to the USA. Google is certified under the TADPF.
Use of cookies or similar technologies is based on your consent (§ 25(1) TTDSG in conjunction with Art. 6(1)(a) GDPR). You can withdraw consent at any time.

More info:
https://www.google.com/policies/privacy/

Data Subject Rights and Storage Duration

Duration of Storage

After full contract execution, the data will be retained during warranty periods and thereafter in compliance with legal, especially tax and commercial, retention periods. Once these expire, the data will be deleted unless you have agreed to further processing.

Rights of the Data Subject

You have the following rights under Articles 15–20 GDPR: right of access, rectification, erasure, restriction of processing, and data portability.
Under Article 21(1) GDPR, you also have the right to object to processing based on Art. 6(1)(f) GDPR, including profiling and direct marketing.

Right to Lodge a Complaint with Supervisory Authority

You have the right under Art. 77 GDPR to lodge a complaint with the supervisory authority if you believe that your personal data is not being processed lawfully.

Relevant authority:
State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf, Germany
Phone: +49 211 384240
Fax: +49 211 38424999
Email: poststelle@ldi.nrw.de

Right to Object

If your personal data is processed based on our legitimate interests under Art. 6(1)(f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, with effect for the future.
After objection, processing of the relevant data will be stopped unless compelling legitimate grounds can be demonstrated that override your interests, or the processing serves the establishment, exercise, or defense of legal claims.

Last updated: 29 November 2023

bottom of page