Data Protection Declaration

 

The protection of personal data is important to us. Therefore, the processing of personal data is carried out in accordance with the applicable European and national legislation.

You can revoke your consent(s) at any time in the future. Please contact the person responsible according to § 1.

The following statement gives an overview of what data is collected, how this data is used and shared, what security measures we take to protect your data and how you obtain information about the information given to us.

 

Legal Basis for the Processing of Personal Data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)1(a) EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the processing of personal data required for the performance of a contract to which the data subject is a party, Article 6(1)1(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which we are subject, Article 6(1)1(c) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6(1)1f) GDPR serves as the legal basis for processing.

 

Data Deletion and Storage Time

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. However, data may continue to be stored if this has been provided for by the European or national legislative body in EU regulations, laws or other regulations to which we are subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

 

§ 1 The Responsible Party and the Data Protection Officer

(1)   Name and address of the party responsible 

The party responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations:

T.D.G. Vertriebs GmbH & Co. KG
Alter Wandrahm 10
20457 Hamburg, Germany
Germany
Phone: 040 / 325423-345
hello@stop-the-water.com
www.stop-the-water-while-using-me.com


(2) Name and address of the data protection officer

The data protection officer of the responsible party is:

Anja Warners
T.D.G. Vertriebs GmbH & Co. KG
Alter Wandrahm 10
20457 Hamburg, Germany
Germany

 

§ 2 Definitions

The data protection declaration is based on the terminology used by the European regulator in the adoption of the EU General Data Protection Regulation (hereinafter referred to as "GDPR"). The data protection declaration should be easy to read and understand. To ensure this, the most important terms are explained below:


a) Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

(b) A data subject is any identified or identifiable natural person whose personal data is processed by the Data Protection Officer.

(c) Processing means any process or series of operations carried out with or without the aid of automated procedures relating to personal data, such as the gathering, collection, organisation, classification, storage, adaptation or alteration, retrieval, retrieval, use, disclosure by transmission, dissemination or any other form of provision, reconciliation or linking, restriction, erasure or destruction.

d) Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

(e) Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

(f) The controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

(g) Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

h) Recipient means a natural or legal person, public authority, agency or other body, to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

(i) A third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

j) Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

§ 3 Provision of the Website and Creation of Log Files

(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we automatically collect the following data and information from the computer system of the calling computer each time you visit the website:

a) The IP address of the user

b) Information about the browser type and version used

c) The user's operating system

d) The Internet service provider of the user

e) date and time of access

f) Websites from which the user's system accesses the Website

g) Websites accessed by the user's system via our website

h) Content of pages visited (concrete pages)

(i) Amount of data transmitted in each case

j) Language and version of the browser software

k) Search engines used

l) Names of downloaded files

The data is stored in the log files of our system. This data is not stored together with other personal data of the user.

(2) The legal basis for the temporary storage of log files is Article 6(1)(f) GDPR.

(3) The temporary storage of the IP address by the system is necessary to:

a) enable delivery of the website to the user's computer. For this, the IP address of the user must remain stored for the duration of the session.

b) optimize the content of our website as well as the advertising therein

c) ensure the functionality of our IT systems and the technology of our website

(d) provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack

The data is stored in log files to ensure the functionality of the website. In addition, the data serves to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, we also have a legitimate interest in data processing pursuant to Article 6(1)(f) GDPR.

(4) The collection of data for the provision of the website and the storage of data in log files is absolutely essential for the operation of the website, which is why there is no possibility of objection.

 

§ 4 Use of cookies

(1) This website uses cookies and other technologies like pixels (hereinafter referred to as cookies). Cookies are small text files which, when you visit a website, are sent from a web server to your browser and stored locally on your end device (PC, notebook, tablet, smartphone, etc.) and filed on your computer and send the user (i.e. us) specific information. Cookies are used to make the website more customer-friendly and secure, in particular to collect use-related information, such as the frequency and number of users of the pages, as well as page usage patterns. Cookies do not cause any damage to the computer and do not contain any viruses.

These cookies contain a character string (Cookie-ID), which enables a unique identification of the browser when reopening the website.

(2) We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies: Language settings; items in a shopping cart; log-in information; information required for CSRF protection (CSFR token)
We also use cookies on our website which enable an analysis of your surfing behaviour. In this way, the following data can be transmitted: Frequency of page visits; use of website functions; origin of the user; items in the shopping basket; amount of the shopping basket value.
The data collected in this way is pseudonymized through technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data. When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this data protection declaration. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings.
The legal basis for the processing of personal data using cookies is Article 6(1)(f) GDPR.

(3) The purpose of using technically necessary cookies is to simplify your use of websites. Some functions of our website cannot be offered without the use of cookies. For this, it is necessary that the browser is recognized even after a page change.
We need cookies for the following applications: language settings; items in a shopping cart; log-in information; guarantee of CSRF protection. 
The user data collected by technically necessary cookies are not used to create user profiles.
The purpose of using technically unnecessary cookies is to improve the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and can thus continuously optimize our offer. 
This information is used when you visit the website again with the same device, to automatically recognize you and to make navigation easier for you. Thanks to these files, it is possible, for example, to display information on the site that is specifically tailored to your interests. For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Article 6(1)(f) GDPR.

(4) Cookies remain stored even if the browser session is terminated and can be called up again the next time the page is visited. However, cookies are stored on your computer and transmitted to our site. Therefore, you have full control over the use of cookies. If you do not wish data to be collected via cookies, you can set your browser via the "Settings" menu so that you are informed about the use of cookies or that you can generally exclude the use of cookies or also delete cookies individually (described in more detail in the following section (5)). However, it should be noted that the functionality of this website may be limited if cookies are deactivated. As far as session cookies are concerned, they will be deleted automatically after leaving the website.

(5) Disable storage of cookies in the browser settings:

If you wish, you can set your browser so that it does not place our cookies on your hard drive. The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, how to have your browser notify you when you receive a new cookie or how to delete all cookies already received and block them for all others. To do this, please proceed as follows:


Internet Explorer:

  1. Select "Internet Options" from the "Tools" menu.
  2. Click on the "Privacy" tab.
  3. Now you can adjust the security settings for the Internet zone. Here you can set whether and which cookies should be accepted or rejected.
  4. Confirm your setting with "OK".

Firefox:

  1. Select Settings from the "Tools" menu.
  2. Click on "Privacy".
  3. Select "Create according to user-defined settings" from the drop-down menu.
  4. Now you can adjust whether cookies should be accepted, how long you want to keep these cookies and add exceptions to which websites you always or never want to allow cookies to be used.
  5. Confirm your setting with "OK".

Google Chrome:

  1. Click the Chrome menu on the browser toolbar.
  2. Now select "Settings".
  3. Click on "Show advanced settings".
  4. Under "Privacy" click on "Content Settings".
  5. Under "Cookies" you can make the following settings for cookies:
    1. Delete cookies
    2. Block cookies by default
    3. Delete cookies and website data by default after exiting the browser
    4. Allow exceptions for cookies from certain websites or domains

However, we would like to point out that in this case, you may not be able to use all the functions of this website to their full extent.

 

§ 5 Newsletter

(1) With your consent you can subscribe to our free newsletter, with which we inform you about our current interesting offers.


For the registration to our newsletter we use a double opt-in procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you would like the newsletter to be sent.

We store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
The only mandatory information for sending the newsletter is your e-mail address.

(2) The legal basis for the processing of the data after registration for the newsletter by the user is Article 6(1)(a) GDPR.

(3) The collection of the user's e-mail address serves to deliver the newsletter.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

(4) The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. Your e-mail address will therefore be stored for as long as the subscription to the newsletter is active.

(5) You can cancel the receipt of our newsletters at any time and thus revoke your consent by clicking on the "Unsubscribe newsletter" field in our newsletter boilerplate or by sending us an e-mail to hello@stop-the-water.com or a message to the contact details given in the imprint.

(6) The newsletter is sent via "MailChimp", a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The e-mail addresses of our newsletter recipients, as well as their further data described in the context of these notes, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf.

Furthermore, MailChimp can use this data according to its own information to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the newsletter or for economic purposes, in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to contact them directly or pass them on to third parties.

We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement "Privacy Shield" and thus commits itself to comply with EU data protection regulations. The data protection regulations of MailChimp can be viewed here.

 

§ 6 Registration

(1) We offer you the opportunity to register on our website by providing personal data. The data is entered into an interface and transmitted to us and saved. This data is not transferred to third parties, provided that no legal obligation exists for transferring the data or the transferring of data serves a criminal or legal prosecution.

The following data is collected during the registration process:

Email
Self-chosen password (It is not necessary to have a clear name, a pseudonymous use is possible)
Form of address
First name
Last name
Phone number (optional)
IP address
Date and time of registration

All data (except for the IP address which is automatically assigned based on your Internet connection) can be managed and changed in the protected customer area. Within the registration process, the user's consent to the processing of these data is required.

Data collected.

(2) Upon consent of the user, the legal basis for the processing of the data is Article 6(1)(a) GDPR.

(3) Registration is necessary for the provision of certain content and services on our website as well as for the prevention of misuse and, if necessary, for the investigation of criminal offences. (further description of contents and services)

(4) The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

This is the case for the data collected during the registration process as soon as you delete your access. We also store the voluntarily given data for the time up to the deletion of the account, provided that you do not delete these before.

You are also free to have the personal data provided during registration completely deleted from the database of the controller. The controller will inform you at any time upon request which personal data relating to the data subject are stored. Furthermore, the controller shall correct or delete personal data at the request or notice of the data subject, provided that there is no legal obligation to store such data. You can contact the controller pursuant to § 1 at any time by e-mail or post and ask for deletion/modification of the data.

 

§ 7 E-Commerce

(1) If you would like to order in our webshop, it is necessary for the conclusion of the contract that you enter your personal data, which we need for the completion of your order. The data required for the processing of the contracts are specifically marked, further details are voluntary. The data are entered into an interface and transmitted to us and stored. The following data is collected within the scope of the web shop:

Name
Address (applicable when different from delivery address)
Email
IP address
Date and time of order
Ordered articles

A transfer of the data to third parties occurs only if the transfer is necessary for the purpose of the closing of the contract or for account purposes and/or for the collection of the payment or if you have expressly consented. In this regard, we only transfer the data required in each case. The data recipients are:

-     The respective delivery/shipping company (forwarding of name, address, email address and ordered articles)

-     Collection companies, as far as the payment must be collected (forwarding of name, address, order details)

-     Credit agencies to check creditworthiness (transfer of name, address, date of birth, etc.). In this case, the transfer only takes place if we take advance orders (e.g. purchase on account).

-     The bank to collect the payment, when payment is made by direct debit


You can voluntarily create a customer account through which we can store your data for future purchases. When you create an account under "My account", the data you have provided will be stored revocably. All other data, including your user account, can always be deleted or changed in the customer area.

(2) The legal basis is Article 6(1)(b) GDPR. With regard to voluntary data, the legal basis for the processing of the data is Article 6(1)(a) GDPR.

(3) The collected mandatory data are required for the fulfilment of the contract with the user (for sending the goods and confirming the contents of the contract). We therefore use the data to answer your inquiries, to process your order, and if necessary to check the creditworthiness or in the recovery of a claim and for the purpose of technical administration of the websites. The voluntary information is provided to prevent misuse and, if necessary, to investigate criminal offences. We may also process the information you provide to inform you of other interesting products in our portfolio or to send you e-mails containing technical information.

(4) You are also free to have the personal data provided during registration completely deleted from the database of the controller. The controller will inform you at any time upon request which personal data about you is stored. Furthermore, the controller shall correct or delete personal data at the request or notice of the data subject, provided that there is no legal obligation to store such. You can contact the controller pursuant to § 1 at any time by e-mail or post to ask for deletion/modification of the data.

 

§ 8 Payment providers

Payment method: Invoice

The controller has integrated BillPay components on this website. BillPay is an online payment service that allows you to purchase on account. BillPay also offers other services, such as buyer protection or identity and credit checks.
The operating company of BillPay is BillPay GmbH, Zinnowitzer Str. 1, 10115 Berlin, Germany.

If the data subject selects "purchase on account" as a payment option in our online shop during the order process, data on the person concerned are automatically transmitted to BillPay. By selecting one of these payment options, the data subject consents to the transfer of personal data required for processing the invoice or instalment purchase or for identity and creditworthiness checks.

The personal data transmitted to BillPay is generally first name, last name, address, date of birth, gender, e-mail address, IP address, telephone number, mobile phone number and other data which are necessary to process an invoice or instalment purchase. Personal data in connection with the respective order are also necessary for the processing of the purchase contract. In particular, payment information such as bank details, card number, expiry date and CVC code, number of articles, product code, data on goods and services, prices and tax charges, information on previous purchasing behaviour or other information on the financial situation of the person concerned may be exchanged.

The transmission of the data is intended in particular for identity verification, payment administration and fraud prevention. The controller will provide BillPay with personal data, in particular if there is a legitimate interest in the transfer. The personal data exchanged between BillPay and the controller will be transmitted by BillPay to credit reference agencies. The purpose of this transmission is to verify identity and creditworthiness.

BillPay also transfers the personal data to affiliated companies (Klarna Group) and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of BillPay.
Klarna collects and uses data and information about the payment history of the person concerned as well as probability values for their behaviour in the future (scoring) to decide on the establishment, implementation or termination of a contractual relationship. Scoring is calculated on the basis of scientifically recognised mathematical-statistical methods.

The data subject has the option to revoke his/her consent to the handling of personal data with BillPay at any time. A revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing.

BillPay's current privacy policy can be found at https://www.billpay.de/de/datenschutz-de/

 

Payment method: PayPal

We have integrated components of PayPal on this website. PayPal is an online payment service provider. Payments are processed via PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and provides buyer protection services.

PayPal's European operating company is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject selects "PayPal" as a payment option in our online shop during the order process, the data of the data subject are automatically transmitted to PayPal. By selecting this payment option, the person concerned consents to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is generally first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data required for payment processing. Personal data in connection with the respective order are also necessary for the processing of the purchase contract.

The purpose of data transmission is to process payments and prevent fraud. The controller will provide PayPal with personal data, especially if there is a legitimate interest in the transfer. Personal data exchanged between PayPal and the controller may be transferred by PayPal to credit reference agencies. The purpose of this transmission is to verify identity and creditworthiness.

PayPal may pass on personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of PayPal.
The data subject has the option to revoke his/her consent to the handling of personal data with PayPal at any time. A revocation does not affect personal data which must be processed, used or transmitted for (contractual) payment processing.

PayPal's current privacy policy can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full

 

Payment method: Sofort and credit card

We have integrated components from Heidelpay on this website. Heidelpay is an online payment service provider that enables purchases to be made by credit card and sofort (direct payment). The provider of this payment service is heidelpay GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany.

Heidelpay receives the following data directly from you in connection with your order as part of the processing of electronic payment transactions: Title, gender, first name, surname, company, address, postcode, city, country, customer number, e-mail, type of payment.

When paying by credit card, the following additional information is transferred directly to Heidelpay: credit card number, credit card holder, credit card validity (month and year), credit card CVC.

When paying by online bank transfer, depending on the system, some of the following additional information may also be transferred directly to heidelpay: account holder, bank name, account number or IBAN, bank code or BIC.

Payment by credit card is billed by: Huellemann & Strauss Onlineservices S.à r.l., 1, Place du Marché, L-6755 Grevenmacher, R.C.S. Luxembourg B 144133, info@hso-services.com, Managing Director: Dipl. Vw. Mirko Hüllemann, Heiko Strauß.

The current data protection regulations of heidelpay can be found at: https://www.heidelpay.com/de/datenschutz/abgerufen

Supplement for the payment method Sofort

In the context of your order, if you decide to pay via the online payment service provider Sofort, your contact data will be transmitted to Sofort. Sofort is an offer of Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany. Sofort acts as an online payment service provider, which enables cashless payment of products and services on the Internet.

The personal data transmitted to Sofort is generally first name, last name, address, telephone number, IP address, e-mail address, or other data that is required for order processing, as well as data related to the order, such as number of articles, product code, invoice amount and taxes in percent, invoice information, etc.

This transfer is necessary to process your order using the payment method you have selected, in particular to confirm your identity, to administer your payment and the customer relationship.

However, please note: Personal data may also be passed on to service providers, subcontractors or other affiliated companies, insofar as this is necessary to fulfil the contractual obligations arising from your order or the personal data is to be processed on behalf of Sofort.

Under certain circumstances, the personal data transmitted to Sofort may be transmitted by Sofort to credit agencies. This transfer serves to verify your identity and creditworthiness with regard to the order you have placed.

The current data protection policy of Sofort can be found at https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/

 

§ 9 Personal Data Transfer to Third Parties

1. Embedding of YouTube Videos

(1) We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in the "extended data protection mode", i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transmitted. By visiting this website, YouTube receives the information that you have accessed the corresponding subpage of our website.

The following data is transmitted:

  • Device-specific information, such as the hardware used, the version of the operating system, unique device identification and information about the mobile network including your telephone number.
  • Log data in the form of server logs. These include, but are not limited to, details of how the services were used, such as search queries, IP address, hardware settings, browser type, browser language, date and time of your request, source page, cookies that uniquely identify your browser or Google Account.
  • Location-related information. Google may collect information about your actual location. This includes, for example, your IP address, your WLAN access points or cell tower.
  • Further information on the data collected by Google, INC can be found at the following link: https://policies.google.com/privacy?hl=en&gl=en

This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account.

(2) The legal basis for processing users' personal data is Article 6(1)(f) GDPR. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(3) The integration of the videos serves to make the website clearer for the user and to increase the search engine ranking of the website on Google. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented configuration of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website.

(4) If you do not wish to be associated with your profile on YouTube, you must log out before activating the button.

(5) You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

(6) Further information on the purpose and scope of data collection and processing by YouTube can be found in the privacy policy. Here you will also find further information about your rights and settings options to protect your privacy: https://www.google.de/intl/de/policies/privacy.

(7) Links to external websites

This website contains links to external sites. We are responsible for our own content. We have no influence over the contents of external links and are therefore not responsible for them, in particular we do not adopt their contents as our own. If you are directed to an external site, the data protection declaration provided there applies. If you notice any illegal activities or contents on this page, please inform us. In this case, we will check the content and react accordingly (notice and take down procedure).

 

§ 10 E-Mail-Contact

(1) It is possible to contact us via the e-mail address provided. In this case, the personal data transmitted with the e-mail will be stored. If this involves information on communication channels (e.g. e-mail address, telephone number), you also agree that we may contact you via this communication channel in order to respond to your request.
In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

(2) If the user has given his or her consent, the legal basis for the processing of the data is Article 6(1)(a) GDPR. The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6(1)(f) GDPR. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing is Article 6(1)(b) GDPR.

(3) We will use the data from your e-mail enquiries exclusively for the purpose for which you make them available when contacting us. If contact is made by e-mail, the necessary legitimate interest in the processing of the data also applies to the response.

(4) You have the possibility to revoke your consent to the processing of personal data at any time. You can object to the storage of your personal data at any time by contacting us via email. In such a case, the conversation cannot be continued. Regarding the revocation of the consent / objection of storage, we ask you to contact the controller according to § 1 via e-mail or by post. In this case, all personal data stored in the course of contacting us will be deleted.

 

§ 11 Web Analysis by Google Analytics (with pseudonymization)

(1) We use the service of Google Inc. (Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyze the surfing behavior of our users. The software places a cookie on your computer (see §4 above for cookies). If individual pages of our website are accessed, the following data is stored:

a) Two bytes of the IP address of the user's calling system
b) The accessed website
c) Entry pages, exit pages,
d) Session duration and bounce rate
e) The frequency with which the website is accessed
f) Country and region of origin, language, browser, operating system, screen resolution, use of Flash or Java
g) Search engines and keywords used

The information generated by the cookie about the use of this website by users is usually transferred to a Google server in the USA and stored there.

This website uses Google Analytics with the extension "_anonymizeIp()". The software is set so that the IP addresses are not stored completely, but only in shortened form. In this way it is no longer possible to assign the shortened IP address to the calling computer. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. However, the IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data.

(2) The legal basis for the processing of personal data is Article 6(1)(f) GDPR. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(3) On our behalf, Google will use this information to evaluate your use of the website and to compile reports on website activity. We are able to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. For these purposes, it is also in our legitimate interest to process the data in accordance with Article 6(1)(f) GDPR. By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account.

(4) The data will be deleted as soon as they are no longer required for our recording purposes, which in our case is after 14 months.

(5) The cookies used are stored on your computer and transmitted to our site. If you do not agree with the collection and evaluation of usage data, you can prevent this by setting your browser software accordingly, thus deactivating or restricting the use of cookies. Cookies that have already been saved can be deleted at any time. However, in this case you may not be able to use all the functions of this website in full.
You can also prevent Google from collecting the data generated by the cookie relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available through Google under the following link. The current link is: "http://tools.google.com/dlpage/gaoptout?hl=en."

Alternatively, you can also simply object to the use of cookies on our site by ticking the box below. In this case, an "opt-out cookie" will be installed in the browser on your computer, resulting in no more session data being collected. Please note, however, that if the cookies are deleted from your computer, this opt-out cookie will also be deleted and must be activated again.

(6) Third party provider is Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 Further information can be found in the user conditions at http://www.google.com/analytics/terms/de.html, in the overview of data protection at http://www.google.com/intl/de/analytics/learn/privacy.html and in the privacy policy at http://www.google.de/intl/de/policies/privacy.

You can decide here whether a web analysis cookie may be stored in your browser to enable the operator of the website to collect and analyze various statistical data. If you wish to opt out, click on the following field to place the deactivation cookie in your browser.

 

 I do not want my visit to this website to be recorded by GoogleAnalytics web analysis.

 

§12 Affiliate Marketing about the Provider Belboon

We have integrated components from Belboon on this website. Belboon is a German affiliate network that offers affiliate marketing. Affiliate marketing is an Internet-supported form of distribution that enables commercial operators of Internet sites, so-called merchants or advertisers, to display advertisements, which are usually remunerated via click or sale commissions, on the Internet sites of third parties, i.e. sales partners, also called affiliates or publishers. The merchant provides an advertising medium via the affiliate network, i.e. an advertising banner or other suitable means of Internet advertising, which is subsequently integrated into an affiliate's own Internet pages or advertised via other channels, such as keyword advertising or e-mail marketing.

Adcell is operated by belboon GmbH, Weinmeisterstr. 12-14, 10178 Berlin.

Belboon places a cookie on the IT system of the data subject (see explanation of cookies above). Belboon's tracking cookie does not store any personal data. Only the identification number of the affiliate, i.e. the partner referring potential customers, as well as the order number of the visitor of a website and the clicked advertising material are stored. The purpose of storing this data is to process commission payments between a merchant and the affiliate, which are processed via the affiliate network, i.e. Belboon.
The data subject can prevent the setting of cookies by our website at any time, as previously described above, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Belboon from placing a cookie on the information technology system of the data subject. In addition, cookies already set by Belboon can be deleted at any time via Internet browser or other software programs.

Belboon's current privacy policy can be found at https://www.belboon.com/de/ueber-uns/datenschutz/

 

§13 Retargeting

(1) We use online retargeting technologies on our website, such as the pixel of Facebook Ireland Limited. These technologies make it possible to target those users with online advertising who are already interested in our shop and our products on the websites of our partners. From studies we know that the insertion of personalized, interest-related advertising is more interesting for the Internet user than advertising that has no such personal reference. During retargeting, the advertising media are displayed on the basis of an analysis of previous user behavior. No personal data or only pseudonymized data is stored and when so, the use of retargeting technologies takes place in compliance with the applicable legal data protection regulations.


(2) The legal basis for the processing of personal data is Article 6(1)(f) GDPR.

Opt Out

You have the option of deactivating the collection of data for the purpose of personalised advertising. A cookie is then set which permanently prevents the collection of data, unless you delete this cookie in your browser specifically or via the "Delete all cookies" function. You can repeat the objection at any time.

I do not want my visit to this website to be recorded by GoogleAnalytics web analysis.

I do not want my visit to this site to be recorded by Facebook.

If you do not agree to this form of advertising, you can also deactivate cookies and/or delete existing cookies using your Internet browser settings. Please follow the instructions described under § 4.5.

 

§14 Rights of the Data Subject

If your personal data are processed, under the applicable law of the GDPR , you have the following rights:

1. The right of access
2. The right to rectification
3. The right to restriction of processing
4. The right to erasure (right to be forgotten)
5. The right to information
6. The right to data portability
7. The right to object to the processing
8. The right of withdrawal of data protection consent
9. The right not to apply an automated decision
10. The right of appeal to a supervisory authority


1. The Right of Access
(1) You can ask the controller to confirm whether personal data concerning you will be processed by us. If such processing has taken place, you can request information from the controller free of charge at any time about the personal data stored about you and about the following information:
(a) the purposes for which the personal data are processed;
(b) the categories of personal data processed;
c) the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
d) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
e) the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of the processing by the controller or a right to object to such processing;
(f) the existence of a right of appeal to a supervisory authority;
(g) any available information on the origin of the data if the personal data are not collected from the data subject;
(h) the existence of automated decision-making, including profiling referred to in Article 22(1) and (4) GDPR, and - at least in these cases - meaningful information on the logic involved and the significance and envisaged effects of such processing for the data subject.
(2) You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transmission. Please send your request by e-mail or by post, clearly identifying yourself to:

T.D.G. Vertriebs GmbH & Co. KG
Alter Wandrahm 10
20457 Hamburg, Germany
E-mail: hello@stop-the-water.com

2. The Right to Rectification

You have the right to obtain from the controller immediate rectification and/or completion if the personal data processed concerning you are incorrect or incomplete.

3. The Right to Restriction of Processing

(1) Under the following conditions, you may request the controller to immediately restrict the processing of your personal data:
a) if you dispute the accuracy of the personal data concerning you for a period of time that enables the data controller to verify the accuracy of the personal data;
b) the processing is unlawful and you oppose the deletion of the personal data and instead request that the use of the personal data be restricted;
c) the controller no longer needs the personal data for the purposes of the processing, but you need them to establish, exercise or defend legal claims, or
d) if you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

2. Where the processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the processing restriction has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. The Right to Erasure (Right to be Forgotten)

(1) You have the right to obtain from the controller the erasure of your personal data without undue delay, where one of the following grounds applies:

a) Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

b) You withdraw consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.

c) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.

d) Your personal data have been unlawfully processed.

e) Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

f) Your personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

(2) Where the controller has made your personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

(3) The right to erasure (paragraphs 1 and 2) shall not apply to the extent that processing is necessary

(a) for exercising the right of freedom of expression and information;

(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) GDPR as well as Article 9(3) GDPR;

d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

 e) for the establishment, exercise or defence of legal claims.

5. The Right to Notification of Erasure or Rectification

The controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

  1. The Right to Data Portability

(1) You have the right to receive the your personal, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where 


a) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and

(b) the processing is carried out by automated means.


(2) In exercising your right to data portability pursuant to paragraph 1, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible.This shall not adversely affect the rights and freedoms of others. 

3. The right of portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

4. In order to exercise the right of data portability, the data subject may at any time contact the controller.

7. The Right to Object to the Processing

(1) You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
(2) The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
(3) Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
(4) In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
5. In order to exercise the right to object to processing, the data subject may at any time contact the controller.

8 The Right of Withdrawal of Data Protection Consent

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, contact the controller. 

9. Automated Individual Decision-Making, Including Profiling 

(1) You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
a) is necessary for entering into, or performance of, a contract between you and a data controller; 
b) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
c) is based on your explicit consent.

(2) However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. 

(3) In the cases referred to in points (a) and (c) of paragraph 1, the data controller shall implement suitable measures to safeguard the your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

(4). If the data subject wishes to assert their rights relating to automated decisions, he or she may contact the controller at any time.

10. The Right of Appeal to a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspect infringement, if you believe that the processing of your personal data is contrary to the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.


§ 15 Changes to the Privacy Policy

We reserve the right to change our data protection practices and this policy to adapt it to changes in relevant laws and/or regulations or to better meet your needs. Possible changes to our data protection practices will be announced here. Please note the current version date of the privacy policy.