Privacy Policy

1) Introduction and contact details of the controller

 

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.

 

 

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Alfred Tomesch GmbH & Co. KG, Am Riederloh 24, 87600 Kaufbeuren, Germany, Phone: +49 8341 9560230, Email: info@wuerfel-tomesch.com. The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

 

 

2) Data collection when visiting our website

 

2.1 When merely using our website for informational purposes, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the page server (so-called "server log files"). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

 

 

Our visited website

 

Date and time at the time of access

 

Amount of data sent in bytes

 

Source/reference from which you reached the page

 

Browser used

 

Operating system used

 

IP address used (if applicable: in anonymized form)

 

The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

 

 

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.

 

 

3) Hosting & Content Delivery Network

 

For hosting our website and displaying the page content, we use a provider who provides its services itself or through selected sub-contractors exclusively on servers within the European Union.

 

 

All data collected on our website is processed on these servers.

 

 

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

 

 

4) Cookies

 

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), some of these cookies remain longer on your device and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.

 

 

If personal data is also processed by individual cookies used by us, the processing takes place in accordance with Art. 6 Para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of consent given or in accordance with Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.

 

 

You can set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.

 

 

Please note that if you do not accept cookies, the functionality of our website may be limited.

 

 

5) Contact

 

5.1 WhatsApp Business

 

 

You have the option of contacting us via the messaging service WhatsApp from WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called "Business version" of WhatsApp.

 

 

If you contact us via WhatsApp on the occasion of a specific business transaction (e.g. an order placed), we store and use the mobile phone number you use on WhatsApp as well as – if provided – your first and last name in accordance with Art. 6 Para. 1 lit. b. GDPR to process and respond to your request. On the basis of the same legal basis, we will ask you via WhatsApp to provide further data (order number, customer number, address or email address) if necessary, in order to be able to assign your inquiry to a specific process.

 

 

If you use our WhatsApp contact for general inquiries (e.g. about the range of services, availability or our website), we store and use the mobile phone number you use on WhatsApp as well as – if provided – your first and last name in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in the efficient and timely provision of the requested information.

 

 

Your data is always used only to answer your request via WhatsApp. No disclosure to third parties takes place.

 

 

Please note that WhatsApp Business receives access to the address book of the mobile device we use for this purpose and automatically transfers phone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. For the operation of our WhatsApp Business account, we use a mobile device in whose address book only the WhatsApp contact details of those users are stored who have also contacted us via WhatsApp.

 

 

This ensures that every person whose WhatsApp contact details are stored in our address book has already consented to the transmission of their WhatsApp phone number from the address books of their chat contacts in accordance with Art. 6 Para. 1 lit. a GDPR when they first used the app on their device by accepting the WhatsApp terms of use. A transmission of data from users who do not use WhatsApp and/or have not contacted us via WhatsApp is therefore excluded.

 

 

5.2 E-mail contact

 

 

If you contact us by email, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

 

 

The processing of this data is based on Art. 6 Para. 1 lit. b GDPR if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.

 

 

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

 

 

6) Tools and miscellaneous

 

6.1 Google Fonts

 

 

We use fonts ("Google Fonts") from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for the display of our website. When accessing a page of our website, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers.

 

 

As a result, Google learns that our website has been accessed via your IP address. If your browser does not support this feature, a default font is used by your end device for display.

 

 

We use Google Fonts on the basis of Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is the consistent and appealing presentation of our offer.

 

 

Further information on Google Fonts can be found at: https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=en

 

 

6.2 Font Awesome Icons

 

 

On this website we use Font Awesome Icons from Fonticons Inc., 6 Porter Rd., Apt. 3R, Cambridge, MA 02140, USA. When you access a page, your browser loads the required icons into the browser cache to display texts, characters and fonts correctly.

 

 

For this purpose, the browser you are using must connect to the servers of Fonticons Inc. This means that Fonticons Inc. learns that our website has been accessed via your IP address. If your browser does not support this function, your end device uses a standard font for display.

 

 

We use Font Awesome on the basis of Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is the consistent and appealing presentation of our offer.

 

 

Further information about Font Awesome can be found in the provider's privacy policy at: https://fontawesome.com/privacy

 

 

7) Online marketing

 

7.1 Google Ads Conversion Tracking

 

 

We use the "Google Ads" advertising service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to draw attention to our offers with the help of advertising material (so-called Google Ads) on external websites.

 

 

In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We pursue the interest of showing you advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs.

 

 

When you reach our website via a Google ad, Google stores a cookie on your end device. These cookies usually lose their validity after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values.

 

 

These cookies enable Google to recognize your web browser. If a user visits certain pages of an advertiser's website and the cookie stored on their end device has not yet expired, Google and the advertiser can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each advertiser. Cookies can therefore not be tracked via the websites of advertisers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users on the basis of this information.

 

 

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by using this tool by Google and therefore inform you according to our knowledge: By integrating Google Ads Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and store your IP address.

 

 

If the above-described processing takes place on the basis of cookies, these are only set if you have given us your explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

 

 

If the above-described processing takes place without the use of cookies, the legal basis is our legitimate interest in direct advertising, provided that this takes place in accordance with data protection and competition law, in accordance with Art. 6 Para. 1 lit. f GDPR.

 

 

You can prevent participation in this tracking procedure in various ways: by setting your browser software accordingly, in particular the suppression of third-party cookies means that you will not receive any ads from third-party providers; by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com", https://adssettings.google.com, whereby this setting will be deleted when you delete your cookies; by deactivating interest-based ads from providers that are part of the "About Ads" self-regulation campaign via the link https://optout.aboutads.info, whereby this setting will be deleted when you delete your cookies; by permanently deactivating it in your Firefox, Internet Explorer or Google Chrome browsers at the link https://support.google.com/ads/answer/7395996. Please note that in this case you may not be able to use all the functions of this offer to the full extent.

 

 

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision by the European Commission.

 

 

Further information on data protection at Google can be found here: https://policies.google.com/privacy and https://services.google.com/sitestats/en.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at https://optout.networkadvertising.org.

 

 

8) Web analysis services

 

Google reCAPTCHA

 

 

On this website we use the function for recognizing bots, e.g. when entering into online forms ("reCAPTCHA") from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Legal basis is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest is the security of our website and the prevention of unwanted, automated access, for example in the case of spam messages.

 

 

Data may also be transmitted to: Google LLC, USA. For the visual design of the Captcha window, the provider uses "Google Fonts", i.e. fonts loaded from the Internet by Google. This does not result in any further processing of information other than those mentioned above, which are already transmitted to Google via the functionality of ReCaptcha.

 

 

The service checks whether an entry is made by a natural person or abusively through machine and automated processing, and blocks spam, DDoS attacks and similar automated harmful access. To ensure that an action is carried out by a person and not by an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system type used, as well as the date and duration of the visit and transmits these for evaluation to the provider's servers. Cookies may be used here, i.e. small text files that are stored in the browser of the end device.

 

 

If the above-described processing takes place on the basis of cookies, these are only set if you have given us your explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

 

 

If the above-described processing is carried out without the use of cookies, the legal basis is our legitimate interest in determining individual responsibility on the Internet and avoiding misuse and spam in accordance with Art. 6 Para. 1 lit. f GDPR.

 

 

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

 

 

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision by the European Commission.

 

 

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/en/privacy/

 

 

9) Rights of the data subject

 

9.1 The applicable data protection law grants you the following rights of data subjects (information and intervention rights) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the cited legal basis for the respective exercise requirements:

 

 

Right of access according to Art. 15 GDPR;

 

Right to rectification according to Art. 16 GDPR;

 

Right to erasure according to Art. 17 GDPR;

 

Right to restriction of processing according to Art. 18 GDPR;

 

Right to notification according to Art. 19 GDPR;

 

Right to data portability according to Art. 20 GDPR;

 

Right to withdraw consent according to Art. 7 Para. 3 GDPR;

 

Right to lodge a complaint according to Art. 77 GDPR.

 

9.2 RIGHT TO OBJECT

 

 

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS DUE TO OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

 

 

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

 

 

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

 

 

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

 

 

10) Duration of storage of personal data

 

The duration of the storage of personal data is based on the respective legal basis, the processing purpose and – if relevant – additionally on the respective statutory retention period (e.g. commercial and tax retention periods).

 

 

When processing personal data on the basis of explicit consent according to Art. 6 Para. 1 lit. a GDPR, the affected data is stored until you withdraw your consent.

 

 

If there are statutory retention periods for data that are processed within the framework of legal or legal-like obligations on the basis of Art. 6 Para. 1 lit. b GDPR, this data is routinely deleted after the retention periods have expired, provided that it is no longer required for contract fulfillment or contract initiation and/or we no longer have a legitimate interest in further storage.

 

 

When processing personal data on the basis of Art. 6 Para. 1 lit. f GDPR, this data is stored until you exercise your right to object according to Art. 21 Para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

 

 

When processing personal data for the purpose of direct marketing on the basis of Art. 6 Para. 1 lit. f GDPR, this data is stored until you exercise your right to object according to Art. 21 Para. 2 GDPR.

 

 

Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data is otherwise deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.