Privacy Policy

The following Privacy Policy applies to the use of our website www.baeumeundso.org and its international version, translated into additional languages, www.tradochmiljo.se (hereinafter referred to as the “website”).

We attach great importance to data protection. We therefore collect and process your personal data in compliance with applicable data protection laws, especially the General Data Protection Regulation (GDPR). We collect and process your personal data to provide the aforementioned website. This Privacy Policy describes how and for what purpose your data are recorded and used and what options are available to you regarding your personal data.

By using this website, you consent to the recording, use and transfer of your data in accordance with this Privacy Policy.

Change your personal data privacy settings

 

1.) Controller

The controller responsible for the collection, processing and use of your personal data pursuant to Art. 4(7) GDPR is:

address

If you wish to object to the collection, processing or use of your data by us as specified in this Privacy Policy on the whole or with regard to individual measures, you can address your objection to the controller.

You can save and print out this Privacy Policy at any time.

 

2.) General use of the website

2.1.) Hosting

The hosting services that we use serve to make the following services available: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating the website.

When using these services, we, or our hosting provider, process master data, contact details, c ontent data, contract data, meta and communication data from customers, interested parties and visitors to this website based on our legitimate interested in the efficient and secure provision of this website pursuant to Art. 6 paragraph 1(f) GDPR in conjunction with Art. 28 GDPR.

2.2.) Access data

We collect information about you when you use this website. We automatically record information on your usage behaviour and interaction with us, as well as registered data concerning your computer or mobile device. We collect, store and use data on every visit to our website (so-called server log files). These access data include:

  • Name and URL of the file accessed

  • Time and date of access

  • Data volume transmitted

  • Notification of successful access (HTTP response code)

  • Browser type and browser version

  • Operating system

  • Referrer URL (of the page visited before accessing our website)

  • Websites that are accessed by the user’s system via our website

  • Internet service provider of the user

  • IP address and provider requesting access

We use these protocol data without assigning them to your identity or creating any other profile for statistical evaluations that support the operation, security and optimisation of our website, as well as for anonymously recording the number of visitors to our website (traffic) and the nature and scope of usage of our website and services and for accounting purposes to measure the number of clicks generated by our cooperation partners. Based on this information, we are able to provide personalised and location-based content and to analyse data traffic, search for and rectify errors and improve our services.

These purposes also represent our legitimate interest pursuant to Art. 6 paragraph 1(f) GDPR.

We reserve the right to check the protocol data at a later point in time if concrete indications justify suspicion of unlawful use of the website. We store IP addresses in the log files for a limited period if this is required for security purposes or for the performance or billing of services, for example when you use one of our services. If you have cancelled an order process or after we have received your payment, we will erase your IP address if it is no longer required for security purposes. We also store IP addresses in the event of concrete suspicion of a criminal offence in connection with the use of our website. We additionally save the data of your last visit (e.g. when registering, logging in, clicking on links, etc.) as part of your account.

2.3.) Cookies

We use so-called session cookies to optimise our website. A session cookie is a small text file that is sent by the respective services when you visit a website and is then stored temporarily on your hard drive. This specific file contains a so-called session ID that enables the different requests made by your browser to be allocated to the shared session. As a result, your computer can be recognised when you return to our website. These cookies are deleted once you have closed your browser. They are used, for example, to allow you to access several different pages after logging in.

We additionally use persistent cookies (also small text files that are stored on your device) to a limited extent. These cookies remain on your device and enable us to recognise your browser the next time you visit our website. These cookies are stored on your hard drive and erase themselves after the period of time specified, which can vary from 1 month to 10 years. Using these cookies enables us to present our website in a safer, more user-friendly and more effective way, for example to show you information specially tailored to meet your interests on the website.

The aim of making our website safer, more user-friendly and more effective constitutes our legitimate interest in using cookies pursuant to Art. 6 paragraph 1(f) GDPR.

The following data and information are stored in the cookies:

  • Login information

  • Language settings

  • Search terms entered

  • Information on the number of times you access our website and use individual functions of our website.

When the cookie is activated, it is allocated an identification number. Your personal data are not assigned to this identification number. Your name, IP address or similar data that would enable the cookie to be assigned to your identity are not stored in the cookie. Using the cookie technology only provides us with pseudonymised data, for example concerning which pages of our shop were visited, which products were viewed, etc.

You can change your browser settings so that you are informed about the installation of cookies in advance and can then decide whether to accept cookies in specific cases or in general or to completely reject all cookies. This may, however, limit the functionality of the website.

2.4.) E-mail contact

If you contact us (e.g. via our contact form or e-mail), we store your data to process your enquiry and in case any subsequent questions arise.

These purposes also represent our legitimate interest pursuant to Art. 6 paragraph 1(f) GDPR.

We only store and use further personal data if you grant us your consent to do so or if this is legally permitted without special consent.

2.5.) Analysis & tracking (e.g. using Google Analytics or Matomo)

We do not use any dedicated analysis and tracking tools on this website. Google Analytics, Matomo or other tools are therefore not integrated into this website.

2.6.) Storage duration

Unless specifically stated, we only store personal data for as long as is required to fulfil the intended purposes.

 

3.) Processing master data

We do not process any master data.

3.1.) Customer account

To gain secure access to a download area that can only be accessed by authorised visitors, you can register for this area by submitting your personal data in a request to the website owner.

For new registrations, we collect master data (e.g. name and address), communication data (e.g. e-mail address) and login data (user name and password).

To ensure that you log in to your account properly and to prevent unauthorised logins by third parties, you will only receive this access by submitting a direct request to the provider of this website and receiving a direct response from the provider.

You can request that we delete your customer account at any time without incurring any costs other than transmission costs according to the basic rates. To delete your account, simply inform us of your request in writing (e.g. via e-mail) using the contact details listed in section 1 of this Privacy Policy. We will then erase your stored personal data insofar as we no longer need to store them to complete orders or due to legal storage obligations.

3.2.) Newsletter

We do not offer a newsletter.

3.3.) Legal basis and storage duration

The legal basis for the data processing as specified in the text above is Art. 6 paragraph 1(a),(b),(f) GDPR. Our interests in data processing concern, in particular, the initiation, conclusion and execution of contracts, as well as direct marketing and product information.

Unless specifically stated, we only store personal data for as long as is required to fulfil the intended purposes or for as long as we are required to do so by law.
 

4.) Your rights as a data subject

According to the applicable legislation, you have various rights concerning your personal data. If you would like to assert these rights, please send your request via e-mail or post to the addresses listed in section 1 , “Controller”. Please ensure that you identify yourself clearly in your request.

You can find an overview of your rights below.

4.1.) Right to confirmation and access

You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed at any time. If this is the case, you have the right to obtain information on your saved personal data and a copy of these data free of charge.

You also have a right to obtain the following information:

  1. The purposes of the processing;

  2. The categories of personal data that are processed;

  3. The recipients or recipient categories to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

  4. Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine this period;

  5. The existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject from the controller or to object to such processing;

  6. The existence of a right to submit a complaint to a supervisory authority;

  7. If the personal data are not collected from you, all available information as to the source of the data;

  8. The existence of automated decision-making, including profiling, pursuant to Art. 22 paragraphs 1 and 4 GDPR and, at least in these cases, meaningful information on the logic involved and the significance and envisaged effects of such processing for you.

If personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards relating to the transfer pursuant to Art. 46 GDPR.

4.2.) Right to rectification

You have the right to obtain the rectification of inaccurate personal data concerning you from us without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4.3.) Right to erasure (“right to be forgotten“)

Pursuant to Art. 17 paragraph 1 GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay. In this case, we have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. Your personal data are no longer required for the purposes for which they were collected or otherwise processed.

  2. You withdraw consent on which the processing is based pursuant to Art. 6 paragraph 1 (a) GDPR or Art. 9 paragraph 2(a) GDPR and there is no other legal ground for the processing.

  3. You object to the processing pursuant to Art. 21 paragraph 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 paragraph 2 GDPR.

  4. The personal data have been unlawfully processed.

  5. The erasure of personal data is required for compliance with a legal obligation in accordance with Union or Member State law to which we are subject.

  6. The personal data were collected in relation to the offer of information society services pursuant to Art. 8 paragraph 1 GDPR.

If we have made the personal data accessible to the public and we are obliged to erase these data in accordance with Art. 17 paragraph 1 GDPR, we must, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers that are processing the personal data that you have requested that they erase all links to these personal data or copies or replications of these personal data.

4.4.) Right to restriction of processing

You have the right to obtain from us restriction of processing where one of the following applies:

  1. You contest the accuracy of the personal data, for a period that enables us to verify the accuracy of the personal data;

  2. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

  3. We no longer require the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;

  4. You have objected to processing pursuant to Art. 21 paragraph 1 GDPR pending verification of whether the legitimate grounds of our company override your legitimate grounds.

4.5.) Right to data portability

You have the right to receive the personal data concerning you that you have provided us with in a structured, commonly used and machine-readable format. You also have the right to transmit these data to another controller without being hindered by us insofar as:

  1. the processing is based on consent pursuant to Art. 6 paragraph 1(a) GDPR or Art. 9 paragraph 2(a) GDPR or on a contract pursuant to Art. 6 paragraph 1(b) GDPR; and

  2. the processing is carried out by automated means.

In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly by us to another controller where technically feasible.

4.6.) Right to object

You have the right to object to the processing of personal data concerning you which is based on Art. 6 paragraph 1(e)or(f) GDPR, including profiling based on these provisions, at any time on grounds relating to your particular situation. We will then no longer process your personal data unless we can provide evidence of compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing is required in order to assert, exercise or defend legal claims.

If we process personal data concerning you for direct marketing purposes, you have the right to object to the processing of the personal data concerning you for such marketing at any time. This includes profiling to the extent that it is related to such direct marketing.

Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89 paragraph 1 GDPR, you, on grounds relating to your particular situation, have the right to object to the processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

4.7.) Automated decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Automated decision-making based on the personal data collected does not take place.

4.8.) Right to withdraw consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time.

4.9.) Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, especially in the member state of your habitual residence, your place of work or the location in which the alleged infringement took place, if you believe that the processing of your personal data is unlawful.

 

5.) Data security

We make every effort to ensure the security of your data in accordance with applicable data protection laws and technical means.

We encrypt your personal data before transmitting them. This applies to both your orders and customer login details. Although we use the encryption system SSL (Secure Sockets Layer), please note that data transfers on the Internet (e.g. via e-mail communication) may involve security vulnerabilities. Complete protection of data against third-party access is not possible.

We ensure the security of your data by using technical and organisational measures pursuant to Art. 32 GDPR. We consistently update these measures to use the best available technology.

Furthermore, we do not guarantee that our website is available at specific times; disturbances, interruptions or downtime cannot be excluded. The servers that we use are carefully backed up on a regular basis.

 

6.) Transmission of data to third parties, no data transfer to non-EU states

We generally only use your personal data within our company.

If, and insofar as, we consult third parties (such as logistics service providers) within the context of executing contracts, these third parties only receive data to the extent that data transfer is required for the corresponding service.

If we outsource certain aspects of data processing (commissioned data processing), we ensure that the processor contractually commits to only use personal data in accordance with the requirements of data protection laws and to guarantee the protection of the rights of the data subject.

The transfer of data to organisations or individuals outside the EU, other than in the cases specified in section 2 of this Privacy Policy, does not take place and is not planned.

 

This Privacy Policy is based on the template produced in accordance with GDPR requirements by the lawyer Maximilian Greger, website: http://www.law-blog.de