Privacy Policy Hack-Bruecken

––––––––––––––––––––

1) Introduction and contact details of the controller

1.1 We are delighted that you are visiting our website and thank you for your interest. Below, we provide information about how we handle your personal data when you use our website. Personal data refers to any data that can be used to identify you personally.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Felix Hack, Hack Modellbahnzubehör, Kästnerstraße 9, 71686 Remseck, Germany, Tel.: 01632302576, Fax: 07146 286083, Email: hafele@arcor.de. The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

2) Data collection when visiting our website

2.1 When you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the page server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

- Our visited website

- Date and time of access

- Amount of data sent in bytes

- Source/reference from which you accessed the site

- Browser used

- Operating system used

- IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used for any other purpose. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

Wix

We use the system of the following provider to host our website and display the page content: Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel

Data is also transferred to: Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA

All data collected on our website is processed on the provider's servers.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

When data is transferred to the provider's location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.

4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called “session cookies”), while others remain on your device for longer and enable the storage of page settings (so-called “persistent cookies”). In the latter case, you can find the storage period in the overview of your web browser's cookie settings.

If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 (1) lit. b GDPR either for the performance of the contract, pursuant to Art. 6 (1) (a) GDPR in the case of consent, or pursuant to Art. 6 (1) (f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.

5) Contacting us

When you contact us (e.g., via the contact form or email), personal data will be processed solely for the purpose of processing and responding to your request and only to the extent necessary for this purpose.

The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary.

6) Data processing when opening a customer account

In accordance with Art. 6 (1) (b) GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. The data required to open an account can be found in the input mask of the corresponding form on our website.

You can delete your customer account at any time by sending a message to the above address of the controller. After deleting your customer account, your data will be deleted, provided that all contracts concluded via this account have been fully processed, there are no legal retention periods that prevent this, and we have no legitimate interest in continuing to store the data.

7) Data processing for order processing

7.1 Insofar as necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 (1) lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we will process the contact details you provided when placing your order in order to inform you personally within the scope of our legal information obligations in accordance with Art. 6 (1) lit. c GDPR. Your contact details will be used strictly for the purpose of communicating updates owed by us and will only be processed by us to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transferred to these service providers in accordance with the following information.

7.2 Use of payment service providers (payment services)

- PayPal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method from this provider that requires advance payment, your payment details provided during the ordering process (including your name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to this provider in accordance with Art. 6 (1) (b) GDPR. In this case, your data will only be passed on for the purpose of processing the payment with the provider and only to the extent necessary for this purpose.

If you select a payment method where we make advance payments, you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and, if applicable, data on an alternative means of payment) during the ordering process.

In such cases, in order to protect our legitimate interest in determining your solvency, we will forward this data to the provider for the purpose of a credit check in accordance with Art. 6 (1) lit. f GDPR. The provider checks whether the payment option you have selected can be granted with regard to payment and/or default risks on the basis of the personal data you have provided and other data (such as shopping cart, invoice amount, order history, payment history).

The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, but not exclusively, are included in the calculation of the score values.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.

8) Web analytics services

8.1 TWIPLA

This website uses the web analytics service provided by the following provider: Visitor Analytics GmbH, Seestraße 76, 82335 Berg, Germany

With the help of cookies and/or comparable technologies (tracking pixels, web beacons, algorithms for reading terminal and browser information), the service collects and stores pseudonymized visitor data, including information about the terminal used, such as the IP address and browser information, in order to evaluate it for statistical analyses of usage behavior on our website and to create pseudonymized usage profiles. Among other things, this enables the evaluation of movement patterns (so-called heat maps), which show the duration of page visits and interactions with page content (e.g., text entries, scrolling, clicks, and mouse-overs). Pseudonymization fundamentally excludes direct personal reference. There is no merging with other clear data about your person that has been collected in other ways.

All processing described above, in particular the reading or storage of information on the device used, will only be carried out if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the “Cookie Consent Tool” provided on the website.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

8.2 Wix Analytics

This website uses the web analytics service of the following provider: Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

When data is transferred to the provider's location, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

9) Website Functionalities

9.1 Facebook Connect

On our website, we provide a single sign-on function from the following provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

In addition to data being transmitted to the aforementioned provider's location, data may also be transmitted to: Meta Platforms Inc., USA.

If you have an account with the provider, you can use these account details to create a user account or register on our website.

When you visit this page, this login function can establish a direct connection between your browser and the provider's servers, even if you do not have an account with the provider or are not logged in. The provider then receives the information that you have visited our site. The information collected in this way (possibly including your IP address) is transmitted directly from your browser to a server of the provider and stored there. However, this information is not used to personally identify you and is not shared with third parties.

These data processing operations are carried out in accordance with Article 6 Paragraph 1 Letter f GDPR on the basis of our legitimate interest in a user-friendly and interactive design of our online presence.

If you click the registration button to register on our website using your account data with the provider, the provider will transmit the general and publicly accessible information stored in your account (user ID, name, address, email address, age, and gender) to us exclusively on the basis of your explicit consent in accordance with Article 6 Paragraph 1 Letter a GDPR.

We store and use the data transmitted by the provider to set up a user account with the necessary data (title, first name, last name, address, country, email address, date of birth), provided you have released this information to the provider. Conversely, based on your consent, data (e.g., information about your browsing or purchasing behavior) can be transferred from us to your account with the provider.

You can revoke your consent at any time with effect for the future.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

9.2 Google Sign-In

On our website, we provide a single sign-on function from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

In addition to data being transferred to the aforementioned provider's location, data may also be transferred to: Google LLC, USA.

If you have an account with the provider, you can use these account details to create a user account or register on our website.

You can revoke your consent at any time with effect for the future.

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/de/privacy/

9.3 Google Maps

This website uses an online map service provided by Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Google Maps is a web service for displaying interactive maps to visually represent geographic information. Using this service allows us to show you our location and makes it easier for you to find directions.

When you access any page on our website that includes a Google Maps map, information about your use of our website (such as your IP address) is transmitted to and stored on Google servers. This may also involve transmission to the servers of Google LLC in the USA. This occurs regardless of whether Google provides a user account that you are logged into or whether a user account exists at all. If you are logged into Google, your data will be directly associated with your account. If you do not want this association with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and analyzes them.

The collection, storage, and analysis of this data are carried out in accordance with Article 6(1)(f) GDPR based on Google's legitimate interest in displaying personalized advertising, conducting market research, and/or designing Google websites to meet user needs. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. If you do not agree to the future transfer of your data to Google when using Google Maps, you can also completely deactivate the Google Maps web service by disabling JavaScript in your browser. Google Maps, and therefore the map display on this website, will then be unavailable.

Where legally required, we have obtained your consent for the processing of your data as described above in accordance with Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future. To exercise your right to object, please follow the instructions for submitting an objection as described above.

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/de/privacy/

9.4 Google Web Fonts

This website uses web fonts from the following provider for the uniform display of fonts: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

When you access a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly and establishes a direct connection to the provider's servers. In doing so, certain browser information, including your IP address, is transmitted to the provider.

Data may also be transmitted to: Google LLC, USA.

The processing of personal data during the connection to the font provider only takes place if you have given us your explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service via the "cookie consent tool" provided on the website. If your browser does not support web fonts, a standard font from your computer will be used.

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/de/privacy/

9.5 Google reCAPTCHA

This website uses the CAPTCHA service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Data may also be transferred to: Google LLC, USA.

For the visual design of the CAPTCHA window, the provider uses "Google Fonts," i.e., fonts downloaded from the internet by Google. No further information beyond that already transmitted to Google via the reCAPTCHA functionality is processed.

The service verifies whether an entry is made by a human or abusively by automated processing and blocks spam, DDoS attacks, and similar automated malicious access. To ensure that an action is performed by a human and not an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system used, as well as the date and duration of the visit, and transmits this information to the provider's servers for evaluation. Cookies may be used in this process; these are small text files that are stored in the browser of your device.

If the processing described above is based on cookies, they will only be set if you have given us your explicit consent in accordance with Article 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

If the processing described above is carried out without the use of cookies, the legal basis is our legitimate interest in establishing individual responsibility on the internet and preventing misuse and spam in accordance with Article 6(1)(f) GDPR.

We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/de/privacy/

10) Tools and Other Information

Cookie Consent Tool

This website uses a "cookie consent tool" to obtain valid user consent for cookies and cookie-based applications that require consent. The cookie consent tool is displayed to users upon visiting the site as an interactive interface, where consent for specific cookies and/or cookie-based applications can be granted by ticking boxes. By using this tool, all cookies/services requiring consent are only loaded if the respective user grants the corresponding consent by ticking the boxes. This ensures that such cookies are only placed on the user's device if consent has been given.

The tool uses technically necessary cookies to store your cookie preferences. No personal user data is processed in this process.

If, in individual cases, the processing of personal data (such as the IP address) occurs for the purpose of storing, assigning, or logging cookie settings, this is done in accordance with Article 6(1)(f) GDPR based on our legitimate interest in legally compliant, user-specific, and user-friendly cookie consent management and thus in the legally compliant design of our website.

A further legal basis for processing is Article 6(1)(c) GDPR. As the data controller, we are legally obligated to make the use of cookies that are not technically necessary dependent on the respective user's consent.

Where necessary, we have concluded a data processing agreement with the provider, which ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further information about the operator and the settings options of the cookie consent tool can be found directly in the corresponding user interface on our website.

11) Rights of the Data Subject

11.1 Applicable data protection law grants you the following rights as a data subject (rights of access and intervention) with regard to the processing of your personal data by the controller. The respective requirements for exercising these rights are set out in the legal basis listed below:

- Right of access pursuant to Article 15 GDPR;

- Right to rectification pursuant to Article 16 GDPR;

- Right to erasure pursuant to Article 17 GDPR;

- Right to restriction of processing pursuant to Article 18 GDPR;

- Right to be informed pursuant to Article 19 GDPR;

- Right to data portability pursuant to Article 20 GDPR;

- Right to withdraw consent pursuant to Article 7(3) GDPR;

- Right to lodge a complaint pursuant to Article 77 GDPR.

11.2 RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR OVERRIDING LEGITIMATE INTEREST AS PART OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION. FURTHER PROCESSING WILL ONLY BE PERMITTED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA IN QUESTION FOR DIRECT MARKETING PURPOSES.

12) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and – where applicable – by the respective statutory retention period (e.g., commercial and tax law retention periods).

When processing personal data based on explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, the data in question will be stored until you withdraw your consent.

If statutory retention periods exist for data processed in the context of contractual or quasi-contractual obligations based on Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after the expiry of the retention periods, unless it is still required for the performance of a contract or for initiating a contract and/or we have a legitimate interest in its continued storage.

When processing personal data based on Article 6(1)(f) GDPR, this data will be stored until you exercise your right to object pursuant to Article 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.

When processing personal data for direct marketing purposes based on Article 6(1)(f) GDPR, this data will be stored until you exercise your right to object pursuant to Article 21(2) GDPR.

Unless otherwise specified in this privacy policy regarding specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Back to home page

Privacy Policy Hack-Bruecken

Shop

Customer service

About Hack-Bruecken