Privacy Policy
We Take Data Protection Seriously
Protecting your privacy during the processing of personal data is of utmost importance to us. When you visit our website, our web servers automatically store the IP address of your Internet Service Provider, the website from which you visit us, the web pages you visit on our site, as well as the date and duration of the visit. This information is essential for the technical transmission of the web pages and the secure operation of the server. We do not conduct any personalized analysis of this data.
Controller:
Löffler GmbH
Rosenstraße 8
91244 Reichenschwand
Authorized Managing Director: Werner Löffler
Phone: +49 (0) 91 51 – 83 00 8 - 0
Fax: +49 (0) 91 51 – 83 00 8 – 88
Email: info@loeffler.de (general inquiries)
Email: datenschutz@loeffler.de (internal data protection team)
Personal Data
Personal data refers to data about your person, including your name, address, and email address. You are not required to disclose any personal data to visit our website. However, in some cases, we need your name, address, and other information to provide you with the service you requested.
The same applies if we provide you with informational material or respond to your inquiries. In these cases, we will always inform you accordingly. Additionally, we store only the data that you have provided to us either automatically or voluntarily.
If you use one of our services, we typically collect only the data necessary to provide you with our service. We may ask for additional information, but this is voluntary. Whenever we process personal data, we do so to provide you with our service or to pursue our commercial objectives.
Contacting Us
When you contact us (e.g., via contact form, email, phone, or social media), the information of the inquiring person is processed to the extent necessary to respond to the contact inquiries and any requested actions. The response to contact inquiries within the scope of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre-)contractual inquiries and otherwise on the basis of our legitimate interest in responding to the inquiries.
- Types of Data Processed: Basic data (e.g., first name, last name, company name, addresses), contact data (e.g., email, phone numbers).
- Affected Persons: Communication partners.
- Purposes of Processing: Contact inquiries and communication.
- Legal Basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 lit. f GDPR), consent (Art. 6 para. 1 lit. a GDPR; Art. 9 para. 2 lit. a GDPR).
Automatically Stored Data
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Used web browser and operating system
- Full IP address of the requesting computer
- Transferred data amount
This data is not merged with other data sources. Processing is based on Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. For technical security reasons, especially to prevent attacks on our web server, this data is stored temporarily by us. It is not possible for us to infer individual persons from this data. The data will be anonymized after seven days at the latest by shortening the IP address at the domain level, so that it will no longer be possible to relate the data to any specific user. The data is processed in anonymized form for statistical purposes; no comparison with other data sets or transmission to third parties, even in excerpts, takes place.
Cookies
When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain what is known as a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain different cookies. A particular internet browser can be recognized and identified using the unique cookie ID.
By using session cookies, the controller can provide the users of this website with more user-friendly services that would not be possible without the cookie setting. Without consent, we use only technically necessary cookies based on the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
Personalized cookies to improve our website or for marketing/advertising purposes are only used with your consent. On your first visit, you can voluntarily consent to tracking or analysis via the displayed cookie banner. If applicable, your data may be passed on to partners or third-party providers. These cookies will only be stored if you expressly consent; the legal basis is your consent according to Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG.
You can change your settings regarding the use of cookies here at any time by clicking on the paperclip in the lower left corner of the webpage.
GDPR Legal Cookiebot
Our website uses Cookiebot to obtain your consent for storing certain cookies on your device or using certain technologies and to document this in a data protection-compliant manner. The provider of this technology is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter "Cookiebot").
When you enter our website, a connection to Cookiebot's servers is established to obtain your consents and other declarations regarding cookie use. Cookiebot then stores a cookie in your browser to be able to allocate the consents given or their withdrawal. The data collected in this way is stored until you request us to delete it, delete the Shopify cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected. Details can be found at: https://www.cookiebot.com/en/privacy-policy/
The use of Cookiebot is to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
We have concluded a data processing agreement (DPA) pursuant to Art. 28 GDPR with the above-mentioned provider. This is a legally required contract that ensures the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
Shopify
We host our website with Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shopify").
Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address as well as information about the device you are using and your browser. Shopify also analyzes visitor numbers, visitor sources, customer behavior, and creates user statistics. If you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment data, and other information related to the purchase (e.g., phone number, transaction amounts, etc.). Shopify stores cookies in your browser for analysis purposes.
For more details, please refer to Shopify's Privacy Policy: https://www.shopify.de/legal/datenschutz.
The use of Shopify is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in a reliable presentation of our website. If consent is requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.
We have concluded a data processing agreement (DPA) pursuant to Art. 28 GDPR with the above-mentioned provider. This is a legally required contract that ensures the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
Registration on the Website
The data subject has the option to register on the website of the data controller by providing personal data. The following personal data is collected during registration: Name, address, phone number, email address, date of birth, bank data.
When registering on the website of the data controller, the IP address assigned by the Internet Service Provider (ISP) of the data subject, the date, and time of registration are also stored. This data is stored to prevent the misuse of our services and, if necessary, to enable the investigation of criminal offenses. Therefore, the storage of this data is necessary for the protection of the data controller. This data is not disclosed to third parties unless there is a legal obligation to disclose or if the disclosure serves law enforcement purposes.
The registration of the data subject, with voluntary provision of personal data, is intended to allow the data controller to offer content or services that can only be offered to registered users due to the nature of the matter. Registered persons are free to change or delete the personal data provided during registration at any time.
You are obliged to treat your personal access data confidentially and not to make them accessible to unauthorized third parties. We cannot be held liable for misused passwords unless we are responsible for the misuse.
With the "stay logged in" function, we want to make your visit to our website as pleasant as possible. This function allows you to use our services without having to log in again each time. For security reasons, you will be asked to enter your password again when, for example, your personal data is changed or you want to place an order. We recommend not using this function if the computer is used by multiple users. Please note that the "stay logged in" function is not available if you use a setting that automatically deletes stored cookies after each session.
Data Transfer for Contract Execution and Shipping
If you order goods from us, we will pass on your personal data to the company entrusted with the delivery and to the payment service provider responsible for processing the payment. Only the data necessary for fulfilling the respective task will be disclosed. The legal basis for this is Art. 6 para. 1 lit. b GDPR, which allows the processing of data for the fulfillment of a contract or pre-contractual measures. If you have given your consent according to Art. 6 para. 1 lit. a GDPR, we will pass on your email address to the company entrusted with the delivery so that they can inform you via email about the shipping status of your order; you can revoke your consent at any time.
Payment Services
We integrate payment services from third-party companies on our website. If you make a purchase from us, your payment data (e.g., name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. For these transactions, the respective contractual and data protection provisions of the providers apply. The use of payment service providers is based on Art. 6 para. 1 lit. b GDPR (contract processing) and in the interest of a smooth, convenient, and secure payment process (Art. 6 para. 1 lit. f GDPR). Insofar as consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR in conjunction with §25 para. 1 TDDDG is the legal basis for data processing; consents can be revoked at any time.
The following payment services/providers are used on this website:
PayPal
Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses.
For details, see: https://www.paypalobjects.com/marketing/ua/pdf/CH/de/c2c-sccs.pdf
For details, please refer to PayPal's Privacy Policy:
https://www.paypal.com/myaccount/privacy/privacyhub
https://www.paypal.com/ch/webapps/mpp/ua/legalhub-full?locale.x=de_CH
Mastercard
Provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter "Mastercard").
Mastercard may transfer data to its parent company in the USA. Data transfer to the USA is based on Mastercard's Binding Corporate Rules (as of March 2022). For details, see:
https://www.mastercard.de/de-de/datenschutz.html and
https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.
VISA
Provider of this payment service is Visa Europe Services Inc., Branch Office London, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter "VISA").
The United Kingdom is considered a third country with an adequate level of data protection. This means that the United Kingdom has a data protection level equivalent to that in the European Union.
VISA may transfer data to its parent company in the USA. Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. For details, see:
https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung.html.
Further information can be found in VISA's Privacy Policy:
https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html
https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung.html.
Sofortüberweisung
Provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "Sofort GmbH"). With the "Sofortüberweisung" process, we receive a real-time payment confirmation from Sofort GmbH and can immediately begin fulfilling our obligations. If you have chosen the "Sofortüberweisung" payment method, you will transmit the PIN and a valid TAN to Sofort GmbH, which can then log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and conducts the transfer to us using the TAN you provided. It then sends us an immediate transaction confirmation. After logging in, your transactions, the credit limit of the overdraft facility, the presence of other accounts, and their balances are also automatically checked. In addition to the PIN and TAN, the payment data you entered, as well as data about your person, are transmitted to Sofort GmbH. This data includes your first and last name, address, phone number(s), email address, IP address, and any other data necessary for payment processing. This data transfer is necessary to verify your identity beyond doubt and to prevent fraud attempts. For details on payment with Sofortüberweisung, please see: https://cdn.klarna.com/1.0/shared/content/legal/terms/de/bt_payment_data_privacy.
Klaviyo
This website uses Klaviyo services for newsletter distribution. The provider is Klaviyo, 225 Franklin St, Boston, MA 02110, USA.
Klaviyo is a service that helps to organize and analyze the distribution of newsletters. If you enter data for newsletter subscription (e.g., email address), it will be stored on Klaviyo's servers in the USA.
With Klaviyo's help, we can analyze our newsletter campaigns. When you open an email sent via Klaviyo, a file contained in the email (known as a web beacon) connects to Klaviyo's servers in the USA. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked. Additionally, technical information is collected (e.g., time of retrieval, IP address, browser type, and operating system). This information cannot be associated with the respective newsletter recipient and is used solely for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of recipients.
If you do not want Klaviyo to analyze your data, you must unsubscribe from the newsletter. We provide a corresponding link in each newsletter message. The data processing is based on your consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG). You can revoke your consent at any time by unsubscribing from the newsletter. The legality of the data processing already carried out remains unaffected by the revocation.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our newsletter list after you unsubscribe. Data that we have stored for other purposes remain unaffected by this.
Klaviyo relies on the Transatlantic Data Privacy Framework of July 10, 2023 (TADPF) and, in the case of data transfers to other third countries, on EU Commission-approved standard contractual clauses to ensure a level of data protection comparable to that in the EU.
For details, see: https://www.klaviyo.com/legal/dpa.
After you unsubscribe from the newsletter list, your email address may be stored in a blacklist to prevent future mailings if necessary. The data from the blacklist is used solely for this purpose and is not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest under Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is not time-limited. You can object to the storage, provided that your interests outweigh our legitimate interest.
For more details, please refer to Klaviyo's Privacy Policy:
https://www.klaviyo.com/legal/privacy-notice
We have concluded a data processing agreement (DPA) pursuant to Art. 28 GDPR with the above-mentioned provider. This is a legally required contract that ensures the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
Google Web Fonts (Local Hosting)
This site uses web fonts provided by Google for uniform font representation. The Google Fonts are installed locally. No connection to Google's servers is made in this process.
For more information about Google Web Fonts, see:
https://developers.google.com/fonts/faq and Google's Privacy Policy:
https://policies.google.com/privacy?hl=en.
Adobe Fonts
This website uses web fonts from Adobe for the uniform presentation of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
When you access this website, your browser loads the necessary fonts directly from Adobe to display them correctly on your device. Your browser connects to Adobe's servers in the USA. This allows Adobe to know that your IP address accessed this website. According to Adobe, no cookies are stored when providing the fonts.
Data storage and analysis are based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the font on its website. If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission's Standard Contractual Clauses.
For details, see: https://www.adobe.com/de/privacy/eudatatransfers.html.
For more information on Adobe Fonts, visit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.
You can find Adobe's Privacy Policy at: https://www.adobe.com/de/privacy/policy.html.
For What Purposes and on What Legal Basis Are Data Processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, as amended:
- To Fulfill (Pre-)Contractual Obligations (Art. 6 para. 1 lit. b GDPR): Your data is processed for contract execution online or at our business location. Data is processed particularly when initiating and executing contracts with you.
- To Fulfill Legal Obligations (Art. 6 para. 1 lit. c GDPR): Processing your data is necessary to fulfill various legal obligations, such as those arising from the Commercial Code or the Fiscal Code.
- To Protect Legitimate Interests (Art. 6 para. 1 lit. f GDPR): Data processing may extend beyond the actual fulfillment of the contract to protect our or third parties' legitimate interests based on a balance of interests. Data processing to protect legitimate interests is carried out in the following cases:
  - Advertising or marketing (see No. 4)
  - Measures to manage and further develop services
  - Maintaining an internal customer database to improve customer service
  - Legal enforcement
  - Sending non-promotional information and press releases.
- If You Have Given Us Consent to Process Your Data (Art. 6 para. 1 lit. a GDPR and/or Art. 9 para. 2 lit. a GDPR (Processing of Special Categories of Personal Data))
Processing Personal Data for Advertising Purposes
You may object to the use of your personal data for advertising purposes at any time, either in total or for individual measures, without incurring any costs other than transmission costs according to basic rates.
Under the legal requirements of § 7 para. 3 UWG, we are entitled to use the email address you provided at the time of contract conclusion for direct advertising of our own or similar services. You will receive this information from us regardless of whether you have subscribed to a newsletter. If you no longer wish to receive such recommendations via email, you can object to the use of your address for this purpose at any time, without incurring any costs other than transmission costs according to basic rates. A written notice is sufficient for this. Naturally, there is always an unsubscribe link in every email.
Who Receives My Data?
If we use a service provider in the context of order processing, we remain responsible for protecting your data. All data processors are contractually obligated to treat your data confidentially and to process it only within the scope of service provision. The processors we commission will receive your data only if they need it to fulfill their respective task.
Your data is processed in our customer database. The customer database helps improve the data quality of existing customer data (duplicate cleansing, moved/deceased identifiers, address correction) and allows enrichment with data from public sources. Customer data is stored company-related and separately. If there is a legal obligation and in the context of legal enforcement, authorities and courts, as well as external auditors, may be recipients of your data. In addition, insurance companies, banks, credit agencies, and service providers may be recipients of your data for the purpose of initiating and fulfilling contracts.
How Long Are My Data Stored?
We process your data until the end of the business relationship or until the expiration of the applicable statutory retention periods (e.g., from the Commercial Code, Fiscal Code); beyond this, until the conclusion of any legal disputes in which the data is required as evidence.
Are Personal Data Transferred to a Third Country?
As a rule, we do not transfer any data to a third country. A transfer only takes place in individual cases based on an adequacy decision by the European Commission, standard contractual clauses, appropriate guarantees, or your explicit consent.
Online Presence on INSTAGRAM, Facebook, Pinterest, and X
Our website uses social buttons from social networks. These are integrated into the site as HTML links only, so no connection to the servers of the respective provider is established when you visit our website. If you click on one of the buttons, the website of the respective social network will open in a new window of your browser. There, you can, for example, use the Like or Share button.
If you have given your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR to the respective social media operator, your data will be automatically collected and stored for market research and advertising purposes when visiting our online presence on the aforementioned social networks, from which usage profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. In most cases, cookies are used for this purpose. The detailed information on the processing and use of the data by the respective social media operator, as well as a contact option and your rights and settings options to protect your privacy, can be found in the linked data protection notices of the providers below. Should you still need assistance in this regard, you can contact us
Security
We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation, and unauthorized access. All our employees and service providers are committed to the applicable data protection laws.
Whenever we collect and process personal data, it is encrypted before being transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process, and our privacy policies are constantly being revised. Please ensure that you have the latest version.
Data Subject Rights
You have the right to access, rectify, delete, or restrict the processing of your stored data at any time, as well as the right to object to the processing and the right to data portability, in accordance with the conditions of data protection law.
Right of Access:
You can request information from us on whether and to what extent we process your data.
Right to Rectification:
If we process your data that is incomplete or incorrect, you can request its rectification or completion at any time.
Right to Deletion:
You can request the deletion of your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate deletion, such as in the case of legally regulated retention obligations.
Irrespective of your right to deletion, we will delete your data immediately and completely, provided that there are no legal or contractual obligations to retain it.
Right to Restriction of Processing:
You can request the restriction of the processing of your data if:
- You contest the accuracy of the data, for a period that allows us to verify the accuracy of the data.
- The processing of the data is unlawful, but you refuse deletion and instead request restriction of data use.
- We no longer need the data for the intended purpose, but you still require this data for the establishment, exercise, or defense of legal claims, or
- You have objected to the processing of the data.
Right to Data Portability:
You can request that we provide you with your data, which you have provided to us, in a structured, commonly used, and machine-readable format, and that you can transmit this data to another controller without hindrance by us, provided that:
- We process this data based on your consent, which can be revoked, or for the fulfillment of a contract between us, and
- The processing is carried out using automated procedures.
Where technically feasible, you can request a direct transfer of your data to another controller.
Right to Object:
If we process your data based on legitimate interests, you can object to this data processing at any time; this also applies to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims. You can object to the processing of your data for direct marketing purposes at any time without giving reasons.
Right to Lodge a Complaint:
If you believe that we are processing your data in breach of German or European data protection law, we ask you to contact us to clarify any questions. Of course, you also have the right to contact the data protection supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to assert any of the rights mentioned against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
Changes to This Privacy Policy
We reserve the right to change our privacy policies if this becomes necessary due to new technologies. Please ensure that you have the latest version. If there are fundamental changes to this privacy policy, we will announce them on our website.
All interested parties and visitors to our website can reach us in data protection matters at:
Mr. Fabian Fromm
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
Phone: 0941 2986930
Fax: 0941 29869316
Email: anfragen@projekt29.de
Internet: www.projekt29.de