DATA PROTECTION DECLARATION
With this data protection declaration, we inform you as the data controller in accordance with the provisions of Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR) about the nature, scope, and purpose of the processing of personal data in connection with our internet offering.
"Personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person;
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction;
"Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
"Recipient" means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
II. General Information
MAGS Vertriebs GmbH
Stuttgarter Str. 20
Contact Details of the Data Protection Officer
We have not appointed a data protection officer and are not obligated to appoint one.
Legal Bases for Processing
We process personal data based on at least one of the following legal bases:
Consent of the data subject to the processing of their personal data for one or more specific purposes (Art. 6(1)(a) GDPR);
Performance of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(b) GDPR);
Compliance with a legal obligation to which we are subject (Art. 6(1)(c) GDPR);
Protection of our legitimate interests or those of a third party (Art. 6(1)(f) GDPR).
In this data protection declaration, we will specify the legal basis for each processing operation.
Disclosure of Data to Recipients
We only disclose personal data to recipients (data processors or other third parties) to the extent necessary and only under one of the following conditions:
The data subject has given their consent to the disclosure;
Disclosure is necessary for the performance of contractual obligations or for pre-contractual measures at the request of the data subject;
We are legally obligated to disclose the data;
Disclosure is based on our legitimate interests or those of a third party.
The transmission of personal data to a country or international organization outside the European Union (EU) or the European Economic Area (EEA) is subject to legal or contractual permissions only under the conditions set out in Art. 44 et seq. GDPR. This means that an adequacy decision of the EU Commission pursuant to Art. 45 GDPR exists for the relevant country, appropriate safeguards for data protection pursuant to Art. 46 GDPR are in place, or binding corporate rules pursuant to Art. 47 GDPR exist.
Data Subject Rights
As a data subject, you have the following rights:
In accordance with Art. 15 GDPR, you can request information about your personal data processed by us; in particular, you can request information about the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage duration or the criteria for determining the storage duration, the origin of your data, if it was not collected from you, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details such as logic, scope, and effects, the existence of a right to rectification or erasure of your personal data, the right to restrict processing or to object to such processing, the existence of a right to lodge a complaint with a supervisory authority; finally, you have the right to know whether personal data has been transferred to a third country or to an international organization and, if so, about the appropriate safeguards related to the transfer.
In accordance with Art. 16 GDPR, you can request the immediate correction of incorrect or incomplete personal data stored by us.
In accordance with Art. 17 GDPR, you can request the deletion of your personal data stored by us, unless the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data, to the extent that the accuracy of the data is contested by you, the processing is unlawful, but you oppose its erasure, and we no longer need the data, but you require it for the assertion, exercise, or defense of legal claims or you have objected to processing pursuant to Art. 21 GDPR.
In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request its transmission to another controller.
In accordance with Art. 21 GDPR, you can object to the processing of your personal data if there are reasons arising from your particular situation or the objection is directed against direct marketing and the legal basis for the processing of personal data is our legitimate interest according to Art. 6(1)(f) GDPR.
In accordance with Art. 7(3) GDPR, you can revoke your consent given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent in the future.
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.
If you wish to exercise the aforementioned data subject rights, you can contact us at any time using the contact details provided above.
Deletion and Restriction of Personal Data
Unless otherwise specified in this data protection declaration for specific cases, personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed, and when there are no legal retention obligations preventing their deletion. We will also delete the personal data processed by us upon request in accordance with Article 17 GDPR if the conditions specified therein are met. If personal data is required for other legally permissible purposes, it will not be deleted, but its processing will be restricted in accordance with Article 18 GDPR. In the case of restriction, the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons. Documents are kept for 6 years according to § 257(1)(2) and (3) HGB as well as § 147(1)(2), (3), and (5) AO, and for 10 years according to § 257(1)(1) and (4) HGB as well as § 147(1)(1), (4), and (4a) AO.
Cookies are used as part of our internet offering. Cookies are small text files that your browser automatically creates and stores on your device (e.g., laptop, tablet, smartphone, PC) when you visit our site. Cookies do not harm your device, contain no viruses or other malicious software. The cookie stores information that is related to the specific device being used. However, this does not mean that we immediately gain knowledge of your identity. Cookies primarily serve to make the internet offering more user-friendly, effective, and secure.
We use session cookies to recognize during your visit to our site that you have already visited individual pages of our internet offering. Certain functionalities are also provided by such cookies. Session cookies are deleted after your visit to our internet offering ends.
The data processed by cookies are necessary for the purposes mentioned above to safeguard our legitimate interests and those of third parties in accordance with Article 6(1)(f) GDPR.
III. Individual Processing Operations
To provide our internet offering, we use services from hosting companies, such as providing web servers, storage space, database services, security services, and maintenance services. In doing so, we or our hosting provider process personal data of users of our internet offering based on our legitimate interests in an efficient and secure provision of this online offering in accordance with Article 6(1)(f) GDPR.
Access Data and Log Files
When you access our internet offering or individual pages, information is automatically sent to the server of our internet offering by your browser on your device. This information is stored by us or our hosting provider in so-called log files and deleted at the latest after 6 months.
The following information is stored:
IP address of the requesting computer,
Date and time of access,
Name and URL of the retrieved file,
Website from which access is made (referrer URL),
Browser used and, if applicable, the operating system of your computer,
Status codes and transferred data volume,
Name of your access provider.
This data is processed for the following purposes:
Provision of the internet offering, including all functions and content,
Ensuring smooth connection to the website,
Ensuring convenient use of our website,
Ensuring system security and stability,
Anonymous statistical evaluation of accesses,
Optimizing the website,
Disclosure to law enforcement authorities if an unlawful interference/attack on our systems has occurred,
Other administrative purposes.
The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the purposes of data collection outlined above. In no case do we use the collected data to draw conclusions about a person.
Contact Form / Other Contact
If you use the contact form, you will be asked to provide your name, address, and email address, and possibly other contact details, so that we can get in touch with you personally. Further details can be provided voluntarily. The data processing for the purpose of contacting us and responding to your request is carried out in accordance with Article 6(1)(a) GDPR based on your voluntary consent. All personal data collected in connection with the contact form will be deleted after your request has been processed, unless retention is necessary for the documentation of other processes (e.g., subsequent contract conclusion).
If you contact us using the contact details published on our internet offering (e.g., by email) and provide us with personal data in this context, we will use this data exclusively to process your request and delete it afterward.
If you wish to receive our newsletter, we need your email address. The data processing for the purpose of sending the newsletter is carried out in accordance with Article 6(1)(a) GDPR based on your voluntary consent using the so-called double opt-in procedure. The email address is used and stored for this purpose until you revoke your consent or unsubscribe from receiving the newsletter. Unsubscribing is possible at any time, for example, via a link at the end of each newsletter. Alternatively, you can also send your revocation/unsubscription request at any time to the email address mentioned in section II.
We send our newsletters with a so-called tracking pixel. A tracking pixel is a miniature graphic embedded in the HTML format of the sent newsletter to allow analysis of reading behavior. In this context, we store whether and at what time a newsletter was opened by you and which of the links contained in the newsletter you clicked on. We use this data to create statistical evaluations of the success or failure of a marketing campaign, to optimize the newsletter distribution, and to better tailor the content of future newsletters to your interests. The data collected is not shared with third parties and is deleted after the statistical analysis.
Registration / User Account
You have the option to register on our website by providing personal data. Registration is voluntary and is carried out under Article 6(1)(a) of the GDPR based on your voluntary consent. The specific personal data to be transmitted during registration is determined by the respective input mask used for registration. The collected personal data will be used for the purposes of our services and for contacting you with relevant information related to our services and registration. Through a personal user account, you can view your personal data and make changes to this data. Your data will be stored until you delete the user account or instruct us to delete your data. If we are required to retain your personal data due to legal, especially tax and commercial retention periods, the processing of your personal data will be restricted until the expiration of the retention periods, and then the data will be deleted.
When you register on our website or use the user account, we store the IP address and the timestamp of the respective usage action. Storage is based on our legitimate interests under Article 6(1)(f) of the GDPR to provide our services. Storage also serves your interest in protecting you from misuse and other unauthorized use. The user account and the data stored in connection with it also serve, in particular, to facilitate shopping, access to historical orders, and the writing of customer reviews. In general, this data is not disclosed to third parties unless it is necessary to fulfill contractual obligations under Article 6(1)(b) of the GDPR or to pursue any claims we may have, or there is a legal obligation to do so under Article 6(1)(c) of the GDPR. IP addresses are anonymized or deleted no later than 7 days after the fact.
In connection with, and for the purpose of fulfilling pre-contractual measures and contractual obligations through our website, which are initiated by the data subject, we process the data necessary for contract fulfillment. This includes:
Data of the contract partner, such as name, address, and contact details, if applicable, different delivery or billing addresses or recipients, and, if necessary, the date of birth;
Contract data, such as the subject matter of the contract, duration, customer category;
Payment data such as bank details, credit card information, payment history.
The legal basis for data processing is Article 6(1)(b) of the GDPR.
The data will only be disclosed to third parties to the extent necessary to fulfill pre-contractual measures and contractual obligations, e.g., to banks, payment service providers, credit card companies for payment processing, and to shipping service providers for the delivery of goods.
IV. Google Services
The provider of the following Google services is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google").
The legal basis for the use of the following Google services is our legitimate interests under Article 6(1)(f) of the GDPR.
VI. Review Platforms
Our internet offering uses the Trusted Shops Trustbadge. The provider is Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne (hereinafter "Trusted Shops"). The Trustbadge displays the Trusted Shops quality seal and reviews from us. When the Trustbadge is called up, personal data such as the IP address, date and time of access, amount of data transferred, and the requesting provider are processed automatically, and the access is documented. These access data are not evaluated and are automatically deleted no later than 7 days after your visit to the page ends. The legal basis for the use of the Trusted Shops Trustbadge is our legitimate interest in optimal marketing of our offer under Article 6(1)(f) GDPR.
Additional personal data will only be transferred to Trusted Shops to the extent that you have given your consent, decide to use Trusted Shops products after completing an order, or have already registered for use. In this case, the contractual agreement between you and Trusted Shops applies.
VII. Media Content
We use third-party content as part of our internet offering, which is loaded directly from the servers of the providers named below. The purpose of including this content is to make our internet offering more attractive. Our legitimate interest in using such third-party content is to make our internet offering more attractive. The legal basis for the use of the following social media plugins is our legitimate interests under Article 6(1)(f) GDPR.