Privacy Policy

Introduction

With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to as "data") we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both within the provision of our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (collectively referred to as "online offering").

The terms used are not gender-specific.

Last updated: 02.06.2025

Table of Contents

  1. Introduction
  2. Controller
  3. Overview of Data Processing
  4. Relevant Legal Bases
  5. Security Measures
  6. Transfer of Personal Data
  7. Data Processing in Third Countries
  8. Deletion of Data
  9. Use of Cookies
  10. Business Services
  11. Provision of the Online Offering and Web Hosting
  12. Contact and Inquiry Management
  13. Web Analysis, Monitoring, and Optimization
  14. Plugins and Embedded Functions and Content
  15. Changes and Updates to the Privacy Policy
  16. Rights of Data Subjects
  17. Definitions of Terms

Controller

K. & N. Schurwoll GmbH
Holzbachstr. 14
56249 Herschbach

Authorized Representative:
Marcel Krah
Email: info@schurwollprodukte.de

Overview of Data Processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of Processed Data:

  • Inventory data
  • Payment data
  • Contact data
  • Content data
  • Contract data
  • Usage data
  • Meta/communication data

Categories of Data Subjects:

  • Customers
  • Interested parties
  • Communication partners
  • Users
  • Business and contractual partners

Purposes of Processing:

  • Provision of contractual services and customer service
  • Contact inquiries and communication
  • Security measures
  • Reach measurement
  • Tracking
  • Office and organizational procedures
  • Management and response to inquiries
  • Feedback
  • Profiles with user-related information
  • Provision of our online offering and user-friendliness
  • Information technology infrastructure

Relevant Legal Bases

Below you will find an overview of the legal bases of the GDPR on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are relevant in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR): The data subject has given their consent to the processing of personal data concerning them for one or more specific purposes.
  • Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR): The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures that are taken at the request of the data subject.
  • Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR): The processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR): The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG). The BDSG contains specific provisions on the right to access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and the transmission and automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (§ 26 BDSG), in particular with regard to the establishment, performance, or termination of employment relationships as well as the consent of employees. State data protection laws of the individual federal states may also apply.

Security Measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of the processing as well as the different likelihoods and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, input, transfer, availability, and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to data threats. Moreover, we consider the protection of personal data already during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings.

TLS Encryption (https): To protect your data transmitted via our online offering, we use TLS encryption. You can recognize encrypted connections by the prefix https:// in the address line of your browser.

Transfer of Personal Data

In the course of our processing of personal data, it may happen that the data is transferred to other entities, companies, legally independent organizational units, or persons or disclosed to them. The recipients of this data may include, for example, service providers tasked with IT or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if the processing takes place in the context of the use of services of third parties or the disclosure or transfer of data to other persons, entities, or companies, this will only occur in accordance with the legal requirements.

Subject to explicit consent or contractually or legally required transfer, we process or allow the data to be processed only in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Deletion of Data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent permitting its processing is revoked or other permissions cease to apply (e.g., if the purpose of the processing of this data has ceased to apply or the data is no longer necessary for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise, or defense of legal claims or the protection of the rights of another natural or legal person.

Our data protection notices may also include further information on the retention and deletion of data, which take precedence for the respective processing.

Use of Cookies

Cookies are small text files or other storage markers that store information on end devices and read information from end devices, for example, to store the login status in a user account, the shopping cart contents in an e-shop, the accessed content, or the used functions of an online offering. Cookies can also be used for different purposes, e.g., for the functionality, security, and comfort of online offerings, as well as for the creation of analyses of visitor flows.

Notes on Consent: We use cookies in accordance with the legal requirements. Therefore, we obtain prior consent from users, except when this is not required by law. Consent is not required, in particular, if the storage and reading of the information, i.e., also of cookies, are absolutely necessary in order to provide the users with a telemedia service (i.e., our online offering) that they have expressly requested. The revocable consent will be clearly communicated to the users and will contain the information on the respective cookie use.

Notes on Legal Bases for Data Protection: The legal basis on which we process the personal data of users using cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed using cookies will be processed on the basis of our legitimate interests (e.g., in the business operation of our online offering and its improvement of usability) or, if necessary, in order to fulfill our contractual obligations, if the use of cookies is necessary for this purpose. The purposes for which the cookies are processed by us are explained in the course of this privacy policy or within the framework of our consent and processing procedures.

Storage Duration: With regard to the storage duration, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their end device (e.g., browser or mobile application).
  • Permanent cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. Likewise, the data collected with the help of cookies can be

General Information on Withdrawal and Objection (Opt-Out)

Users may withdraw their consent at any time. Furthermore, they may object to the processing of their personal data in accordance with the legal requirements set out in Art. 21 GDPR.
Users can also express their objection via their browser settings, e.g., by deactivating the use of cookies (which may limit the functionality of our online services).
An objection to the use of cookies for online marketing purposes can also be declared via the following websites:

Further Notes on Processing Operations, Procedures, and Services

Processing of Cookie Data Based on Consent
We use a cookie consent management system, in which users can give, manage, and revoke their consent to the use of cookies, or the specific processing operations and providers mentioned in the system.
Consent is stored in order to avoid repeated prompts and to comply with legal documentation obligations. Storage can occur server-side and/or in a cookie (known as an opt-in cookie or similar technology), to associate the consent with a user or their device.

Unless otherwise specified by individual cookie management providers, the following applies:
Consent may be stored for up to two years. A pseudonymous user ID is generated and stored with the timestamp of consent, the scope of consent (e.g., which categories of cookies and/or providers), and the browser, system, and device used.

Provision of the Online Offering and Web Hosting

    We process user data in order to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to deliver the content and functions of our online services to the user's browser or device.

    Types of Data Processed:
    Usage data (e.g., websites visited, interest in content, access times);
    Meta/communication data (e.g., device information, IP addresses)

    Data Subjects:
    Users (e.g., website visitors, users of online services)

    Purposes of Processing:
    Provision of our online offering and user-friendliness;
    IT infrastructure (operation and provision of IT systems and technical devices such as computers, servers, etc.);
    Security measures

    Legal Bases:
    Legitimate interests (Art. 6(1)(f) GDPR)


    Further Information on Processing Operations, Procedures, and Services

    Provision of Online Offering on Rented Hosting Space:
    We use storage space, computing capacity, and software obtained from a corresponding server provider (also known as a "web host") to provide our online offering.
    Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR)

    Collection of Access Data and Log Files:
    Access to our online offering is logged in the form of so-called server log files. These log files may include the address and name of the accessed web pages and files, date and time of access, transmitted data volumes, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (previously visited page), and, as a rule, IP addresses and the requesting provider.
    The server log files may be used for security purposes (e.g., to avoid server overloads, especially in the case of misuse attacks, known as DDoS attacks) and to ensure server stability and load management.
    Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR)
    Data Deletion: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidence purposes is excluded from deletion until the respective incident is conclusively resolved.

    Mittwald:
    Services in the field of IT infrastructure provision and associated services (e.g., storage space and/or computing capacity)
    Provider: Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany
    Legal Basis: Legitimate interests (Art. 6(1)(f) GDPR)
    Website: https://www.mittwald.de
    Privacy Policy: https://www.mittwald.de/datenschutz
    Data Processing Agreement: https://www.mittwald.de/faq/service-informationen/faq/datenschutz-alles-wichtige-zur-dsgvo


    Contact and Inquiry Management

    When contacting us (e.g., via contact form, email, telephone, or social media), as well as in the context of existing user and business relationships, we process the information provided by the inquiring individuals, insofar as this is necessary to respond to contact inquiries and any requested actions.

    Types of Data Processed:

    • Contact data (e.g., email addresses, phone numbers)

    • Content data (e.g., input in online forms)

    • Usage data (e.g., pages visited, interest in content, access times)

    • Meta/communication data (e.g., device information, IP addresses)

    Data Subjects:

    • Communication partners

    Purposes of Processing:

    • Contact requests and communication

    • Management and response to inquiries

    • Feedback (e.g., collecting feedback via online forms)

    • Provision of our online offering and user-friendliness

    Legal Bases:

    • Legitimate interests (Art. 6(1)(f) GDPR)

    • Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR)


    Additional Notes on Processing Operations, Procedures, and Services

    Contact Form:
    If users contact us via the contact form, email, or other means of communication, we process the data provided to us in this context in order to handle the communicated request.
    Legal Bases:

    • Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR)

    • Legitimate interests (Art. 6(1)(f) GDPR)

    Web Analysis, Monitoring, and Optimization

    Web analysis (also referred to as “reach measurement”) is used to evaluate visitor behavior on our online offering. It can include information such as interests, behavior, or demographic data (e.g., age or gender) in pseudonymous form. With this analysis, we can determine when our online offering or its functions or content are most frequently used or invite reuse. It also helps us identify which areas need optimization.

    In addition to web analysis, we may use test procedures (e.g., A/B testing) to test and optimize different versions of our online offering or its components.

    Unless otherwise stated, profiles (i.e., aggregated usage data) may be created and stored in a browser or on a device and accessed from there. This includes, for example, pages visited, used elements, technical information (e.g., browser, operating system), and usage times. If users have agreed to share their location data, it may also be processed.

    IP addresses of users are stored, but we use IP masking (i.e., pseudonymization by shortening the IP address) to protect users. No plain user data such as names or email addresses is stored – only pseudonymous identifiers.

    Types of Data Processed:

    • Usage data (e.g., visited websites, interest in content, access times)

    • Meta/communication data (e.g., device information, IP addresses)

    Data Subjects:

    • Users (e.g., website visitors, users of online services)

    Purposes of Processing:

    • Reach measurement (e.g., access statistics, identifying returning visitors)

    • Profiles with user-related information

    • Tracking (e.g., interest/behavior-based profiling, use of cookies)

    • Provision of our online offering and user-friendliness

    Security Measures:

    • IP masking (pseudonymization of IP address)

    Legal Basis:

    • Consent (Art. 6(1)(a) GDPR)

    Use of Google Services for Web Analytics and Tag Management

    Google Analytics
    We use Google Analytics to measure and analyze user behavior on our website. This includes reach measurement and the analysis of user flows.

    Additional Information:
    https://privacy.google.com/businesses/adsservices


    Google Analytics 4
    We use Google Analytics 4 to create pseudonymous user profiles based on a user identification number. This ID does not include names or email addresses but helps associate analytics data with a device. This includes data such as:

    • Pages viewed

    • Search queries

    • Interactions with content

    • Session duration

    • Referrer sources

    • Technical data about devices and browsers

    Geolocation Data:
    Analytics provides approximate geographic information by recording metadata from IP lookup such as city, continent, country, region, and subcontinent.

    Data Handling in the EU:
    To protect data of EU users, all data is processed through domains and servers within the EU. IP addresses are not stored and are shortened (masked) by default.


    Google Tag Manager
    Google Tag Manager is a tool that allows us to manage website tags through a user interface. The manager itself does not process personal data or set cookies but may trigger other services (which may collect data).

    Shopware Analytics

    Purpose of Processing:
    Together with our shop software provider, we jointly evaluate certain information from our customer base (e.g., customer group, visited pages, click paths, date and time of visit, device information (resolution, pixel density, operating system), referrer URL, browser information, locale, search queries, and time zone). This information is processed by an external service provider and made available to us in near real-time so that we can monitor the use of our website and improve our offerings.

    Legal Basis:
    Art. 6(1)(f) GDPR – legitimate interest

    Categories of Data:
    Derived data from master and contact data (e.g., customer group, no individual customer data), usage data, connection data

    Data Recipients:

    • shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany (as joint controller)

    • IT service providers

    Essentials of Joint Controllership:
    Joint controllership exists between us and shopware AG. Data is collected on our shop and then transferred to servers of shopware or their service providers.
    Except for the collection of consent for cookies or similar technologies and the fulfillment of information duties, all responsibilities—especially the implementation of data subject rights—lie with shopware AG.
    You can contact shopware AG at: legal@shopware.com.
    Alternatively, you can also exercise your data subject rights with us, and we will forward your request to shopware AG.
    Shopware AG may derive behavioral patterns from the collected data, but these cannot be assigned to you as an individual.

    Planned Third-Country Transfers:
    None

    Do we store or read personal data on your device with your consent?
    Yes, for details, please refer to the Consent Management section.


    Plugins and Embedded Features and Content

    We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos, or maps (collectively referred to as “content”).

    This integration always requires that the third-party providers of the content process users’ IP addresses, since they could not deliver the content to their browser without the IP address. Thus, the IP address is necessary to display this content or features. We strive to use only content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. These “pixel tags” can be used to evaluate visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on users’ devices and may contain technical information about the browser and operating system, referring websites, visit time, as well as other information on the use of our online offering, and may be linked to such information from other sources.

    Types of Data Processed:
    Usage data (e.g., visited websites, interest in content, access times);
    Meta/communication data (e.g., device information, IP addresses);
    Inventory data (e.g., names, addresses);
    Contact data (e.g., email, telephone numbers);
    Content data (e.g., inputs in online forms).

    Data Subjects:
    Users (e.g., visitors of the website, users of online services)

    Purposes of Processing:
    Provision of our online offering and user-friendliness

    Legal Basis:
    Legitimate interests (Art. 6(1)(f) GDPR)


    Further Information on Processing Operations, Procedures, and Services:

    Google Fonts (from Google Server):
    Fonts (and icons) are retrieved to enable secure, maintenance-free, and efficient use with respect to timeliness, load times, and licensing requirements. The provider receives users’ IP addresses so the fonts can be displayed in the browser. Technical data (language settings, screen resolution, OS, hardware) are also transmitted to tailor font delivery.


    YouTube Videos:
    We embed video content from YouTube.


    YouTube (No-Cookie Mode):
    YouTube videos may be embedded using a special domain (containing "youtube-nocookie") with enhanced privacy mode, which prevents cookie collection for personalizing playback. However, interaction data like remembering the last playback position may still be stored.

    Changes and Updates to the Privacy Policy

    We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as the changes in the data processing we carry out make it necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or another individual notification.

    If we provide addresses and contact information of companies and organizations in this privacy policy, please note that these addresses may change over time and ask you to verify the information before contacting them.


    Rights of Data Subjects

    As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

    • Right to Object:
      You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
      If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your data for such marketing. This also applies to profiling related to such direct marketing.

    • Right of Withdrawal for Consents:
      You have the right to withdraw any consent given at any time.

    • Right of Access:
      You have the right to request confirmation of whether data concerning you is being processed and to obtain information about this data, as well as further details and a copy of the data in accordance with legal requirements.

    • Right to Rectification:
      You have the right to request the completion or correction of inaccurate data concerning you, as required by law.

    • Right to Erasure and Restriction of Processing:
      You have the right to request the immediate deletion of data concerning you or, alternatively, to request the restriction of data processing in accordance with legal requirements.

    • Right to Data Portability:
      You have the right to receive data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller.

    • Right to Lodge a Complaint with a Supervisory Authority:
      Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, workplace, or place of the alleged infringement if you believe that the processing of your personal data violates the GDPR.

    Definitions of Terms

    This section provides an overview of the terminology used in this privacy policy. Many of the terms are taken directly from the law and defined in Article 4 of the GDPR. The legal definitions are binding. The explanations below are primarily intended to aid understanding. Terms are listed in alphabetical order.

    • Personal Data:
      "Personal data" means any information relating to an identified or identifiable natural person (referred to as the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

    • Profiles with User-Related Information:
      The processing of "profiles with user-related information," or simply "profiles," includes any form of automated processing of personal data that consists of using such data to analyze, evaluate, or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include various information concerning demographics, behavior, and interests, such as interactions with websites and their content). Cookies and web beacons are often used for profiling purposes.

    • Reach Measurement:
      Reach measurement (also known as web analytics) is used to evaluate visitor flows to an online service and may include behavior or interests of visitors in certain information, such as website content. This allows website owners to understand when visitors access their site and what content interests them, so the content can be better adapted to their needs. Pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more accurate analyses.

    • Tracking:
      "Tracking" refers to the ability to monitor the behavior of users across multiple online services. In general, behavioral and interest-related information is stored in cookies or on the servers of providers of tracking technologies (so-called profiling). This information can then be used, for example, to display ads to users that are likely to match their interests.

    • Controller:
      A "controller" is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

    • Processing:
      "Processing" means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and includes virtually any handling of data, such as collection, evaluation, storage, transmission, or deletion.


    Legal text provided by Dr. Schwenke – for more information, please visit: https://datenschutz-generator.de