Data Protection Policy

The following policy sets out which personally identifiable information/personal data we collect during your visit to our website. Personally identifiable information is all data that can be related to the individual using the website e.g. name, address, email, consumer behavior.

1. Responsibility for data processing

In accordance with Article 4, paragraph 7 of the EU General Data Protection Regulation (GDPR), the party responsible for data processing is: 

Beate Mangrig
Rosenstr. 11
66111 Saarbrücken
Germany

Telephone: +49 (0) 681 9590502
Fax: +40 (0) 681 99889204

Email: team@roterfaden.de
(referred to below as “controller”)


2. Collection and processing of personal data

a. Data collected when visiting the website 

When visiting the controller’s website, the following data is transferred and stored from the user’s browser to the controller’s server: user’s IP address, date and time of access to the website, files accessed, amount of data sent, website requesting access, browser type, the user’s browser software language and version and the user’s operating system. The legal foundation for this is found in Article 6, paragraph 1, P. 1 lit. f GDPR. The legitimate interest of the controller is that this data is needed to ensure the functionality and optimization of the website. The aforementioned data is processed in isolation, i.e. not in conjunction with other personal user data. 

b. Data collected on registration

When registering for a customer account, the user must provide an email address and name and select a password. The customer then enters personal data for storage in the account (name, address, email, telephone number, country, state). 

On registering, the user consents to the controller storing this data in a customer profile, which the user can access by entering his/her email address and password. If the user withdraws this consent, the customer profile is deleted. The legal foundation for this is found in Article 6, paragraph. 1 P. 1 lit. a) GDPR (consent to the processing of user’s personal data). 

c. Data collected when ordering

When ordering, the user must provide certain data (title, first name and surname, street, house number, zip code, town, email address, telephone number). The legal foundation for this is found in Article 6, paragraph 1, P. 1 lit. b GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).

d. Data collected when paying via PayPal

If selecting the “PayPal“ payment method, the user’s contact details are transferred to PayPal. PayPal is a service provided by PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. 

The controller sends PayPal the first name, surname, address, telephone number, IP address, email address and other data required to finish processing the order, as well as data relating to the order including number of items, article number, invoice total and taxes in percent, invoice details.

When the user selects the payment option "credit card via PayPal", "bank debit via PayPal" or "PayPal invoice", PayPal carries out a credit check. This involves applying mathematical/statistical procedures to calculate a rating concerning the probability of payment default (a so-called “score”). PayPal decides whether to provide the relevant payment option on the basis of this score. The score is calculated on the basis of recognized scientific procedures. The score is also based on the user’s address. Please refer to PayPal’s data protection statement for further details, including information about the credit inquiry agency: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

The legal foundation for this is found in Article 6, paragraph 1, P. 1 lit. b) GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).

e. Data collected when using the “Questions, wishes, ideas“ form

If the user sends a message to the controller via the online form on the “Questions, wishes, ideas“ page, the user’s name, email address and/or telephone number will be asked for. This data ensures that the enquiry can be responded to quickly.
On sending a message, the user gives his/her consent to the controller to contact him/her via one of the aforementioned channels in order to deal with the enquiry. The legal foundation for this is found in Article 6, paragraph 1, P. 1 lit. b) GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract). 

3. Use of cookies

The controller uses cookies on its website. Cookies are small text files that are stored by the internet browser on the user’s computer system. On accessing a website page, cookies can be transferred to the internet browser and are thereby traceable back to the user. They serve to generally make the internet services user friendlier and more effective.

The following types of cookies are used by the controller’s website: 

– Session cookies:

these cookies are automatically deleted when the user closes his/her browser. . 

– Persistent cookies:

these are deleted automatically after a pre-defined time, which differs depending on the cookie.

One can, at any time, change the cookie settings on one’s internet browser in order to withdraw one’s consent for future visits to the website. The user is then informed when cookies are generated and can decide from case to case whether to accept or wholly exclude the cookies. Each browser has a different way of changing the cookie settings. Cookies can be deleted via the browser preferences. Please note that by deactivating cookies, not all the controller’s website functions will be fully accessible.

The information generated by cookies in pseudonymized user profiles is not used to personally identify the user and is not linked to the user’s personally identifiable data.

The legal foundation for this is found in Article 6, paragraph 1, P. 1 lit. f GDPR. The controller’s legitimate interest lies in providing a user friendly website that operates effectively, and improves the website by evaluating user behavior.

4. Transfer to third parties

a. Data collected when visiting the website/using the online forms

The controller does not generally pass on data collected through the website to third parties. The controller does contract data processing out (e.g. to webhosts, IT providers), and this work can involve contact with user data. 

b. Data collected on ordering and payment

In the course of order processing, user’s personal data will be forwarded to the relevant payment provider and the selected delivery service.

5. Regular deletion and blocking of personally identifiable data

The controller processes and stores an individual’s personal data only for as long as is needed to fulfill the purpose of that data storage. Data may be stored for longer if this is provided for by European or national legislation in the form of directives, laws or other regulations to which those responsible for data processing are subject. 

Once the purpose of data storage has been fulfilled or the legally prescribed storage period has expired, the personal data will be deleted as a matter of course.

6. Rights of the data subject (user)

The controller must facilitate the exercise of the user’s following rights pertaining to personally identifiable data:

– Right of access,
– Right to rectification or erasure,
– Right to restriction of processing,
– Right to object to processing,
– Right to data portability.

The user also has the right to complain to a data protection supervisory authority about the controller’s processing of his/her personally identifiable data.

7. Withdrawal of user consent

Any user who has consented to the controller processing his/her data has the right to withdraw this consent at any time.

8. Google Analytics

The controller uses Google Analytics on this website. This is a web analysis service provided by Google Inc. (“Google“). Google Analytics also uses so-called “cookies“, text files that are stored on the user’s terminal (PC, mobile phone, tablet etc.). These cookies make it possible to analyze how the user has used the website. The information regarding the user’s website usage as generated by the cookie is generally sent to a Google server in the USA where it is stored. Google is certified in line with the Privacy Shield Framework and guarantees to comply with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Via an IP anonymization tool on the controller’s website, Google does shorten the user’s IP address within the European Union member states or in other states signed up to the framework agreement before transferring it to the USA.
On behalf of this website’s controller, Google uses this information to evaluate the user’s behavior on the website, to write reports about website activities and to provide the controller with other services related to website and internet use. The data collected by Google Analytics from the user’s browser is not linked to other data collected by Google.


The user can prevent cookies being installed by making the relevant changes to the browser software settings; if this is the case, not all functions on the controller’s website may be available in their entirety.

One can withhold consent for future uses of this data by Google Analytics. This is possible via a special software program, which the user can install in conjunction with his/her web browser. Further information: http://tools.google.com/dlpage/gaoptout?hl=de.

The user can set an opt-out cookie  here that prevents the use of Google Analytics on mobile device browsers and until the user deletes his/her cookies.

The legal foundation for this data transfer to “Google Analytics“ is found in Article 6, paragraph 1, P. 1 lit. f) GDPR (legitimate interest). The controller’s legitimate interest lies in the statistical evaluation of the visitors to its website and of their behavior there. 

B. Data protection policy for facebook page

1. Party responsible for data processing

The parties jointly responsible for processing data related to the Facebook page “Roterfaden.Taschenbegleiter“ (subsequently referred to as: “FB page“) are:

a. Facebook Inc.., 1601 S. California Ave, Palo Alto, CA 94304, USA

and for Europe

facebook Ireland Limited, Hanover Reach, 5-7, Hanover Quay, Dublin 2, Ireland

(subsequently referred to as: “Facebook“)

b.Beate Mangrig, Rosenstr. 11, 66111 Saarbrücken, Germany

Telephone: +49 (0) 681 9590502
Fax: +40 (0) 681 99889204

Email: team@roterfaden.de
(subsequently referred to as: “Beate Mangrig“)
(together subsequently referred to as: “the controllers”)

2. Data processing

Data relating to the FB page is processed in accordance with the Facebook data protection policy: 

https://www.facebook.com/privacy/explanation

3. Rights of the data subject (user)

The controllers must facilitate the exercise of the user’s following rights pertaining to personally identifiable data:

– Right of access,
– Right to rectification or erasure,
– Right to restriction of processing,
– Right to object to processing,
– Right to data portability.

The user also has the right to complain to a data protection supervisory authority about the controllers’ processing of his/her personally identifiable data.

Please note that Beate Mangrig will forward any user enquiries regarding data processing by Facebook to Facebook.  

C. Data protection policy of Instagram

1. Responsibility for data processing

The parties jointly responsible for processing data related to the Instagram account “Roterfaden.de“ and “Roterfaden_drucktuch“ (subsequently referred to as: “Instagram“) are:

a. facebook Ireland Limited, Hanover Reach, 5-7, Hanover Quay, Dublin 2, Ireland

(subsequently referred to as: “FB Instagram“)

b. Beate Mangrig, Rosenstr. 11, 66111 Saarbrücken, Germany

Telephone: +49 (0) 681 9590502
Fax: +40 (0) 681 99889204

Email: team@roterfaden.de
(subsequently referred to as: “Beate Mangrig“)
(together subsequently referred to as: “the controllers”)

2. Data processing

Data relating to the Instagram account is processed in accordance with the FB Instagram data protection policy: https://help.instagram.com/519522125107875

3. Rights of the data subject (user)

The controllers must facilitate the exercise of the user’s following rights pertaining to personally identifiable data:

– Right of access,
– Right to rectification or erasure,
– Right to restriction of processing,
– Right to object to processing,
– Right to data portability.

The user also has the right to complain to a data protection supervisory authority about the controllers’ processing of his/her personally identifiable data.

Please note that Beate Mangrig will forward any user enquiries regarding data processing by FB Instagram to FB Instagram.  

D. Data protection policy of Youtube

1. Responsibility for data processing

The parties jointly responsible for processing data related to the YT channel “Roterfaden Taschenbegleiter“ (subsequently referred to as: “YT channel“) are:

a. YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA

Telephone: +1 650-253-0000
Fax: +1 650-253-0001

Email: support-de@google.com
(subsequently referred to as: “YouTube“)

b. Beate Mangrig, Rosenstr. 11, 66111 Saarbrücken, Germany

Telephone: +49 (0) 681 9590502
Fax: +40 (0) 681 99889204

Email: team@roterfaden.de
(subsequently referred to as: “Beate Mangrig“)
(together subsequently referred to as: “the controllers”)

2. Data processing

Data relating to the YT channel is processed in accordance with the Google/YouTube data protection policy: https://policies.google.com/privacy?hl=de&gl=de

3. Rights of the data subject (user)

The controllers must facilitate the exercise of the user’s following rights pertaining to personally identifiable data:

– Right of access,
– Right to rectification or erasure,
– Right to restriction of processing,
– Right to object to processing,
– Right to data portability.

The user also has the right to complain to a data protection supervisory authority about the controllers’ processing of his/her personally identifiable data.

Please note that Beate Mangrig will forward any user enquiries regarding data processing by YouTube to YouTube. 

E. Data protection policy of Twitter

1. Responsibility for data processing

The parties jointly responsible for processing data related to the Twitter account “Roterfaden“ (subsequently referred to as: “Twitter“) are:

a. Twitter, Inc.
1355 Market Street, Suite 900
San Francisco, CA 94103
E

Email: copyright@twitter.com
(subsequently referred to as: “Twitter“)

b. Beate Mangrig, Rosenstr. 11, 66111 Saarbrücken, Germany

Telephone: +49 (0) 681 9590502
Fax: +40 (0) 681 99889204

Email: team@roterfaden.de
(subsequently referred to as: “Beate Mangrig“)
(together subsequently referred to as: “the controllers”)

2. Data processing

Data relating to the Twitter account is processed in accordance with the Twitter data protection policy: https://twitter.com/de/privacy

3. Rights of the data subject (user)

The controllers must facilitate the exercise of the user’s following rights pertaining to personally identifiable data:

– Right of access,
– Right to rectification or erasure,
– Right to restriction of processing,
– Right to object to processing,
– Right to data portability.

The user also has the right to complain to a data protection supervisory authority about the controllers’ processing of his/her personally identifiable data.

Please note that Beate Mangrig will forward any user enquiries regarding data processing by Twitter to Twitter.