Privacy & security

Privacy Notice for Sport-Thieme GmbH

(As at: 12/16/2022)

In this document we will inform you about the processing of personal data carried out by Sport-Thieme GmbH in accordance with the General Data Protection Regulation (GDPR), see article 13 of the GDPR. Please read our privacy notice carefully. Should you have any queries or comments regarding this information, you can contact us at any time using the contact information listed in section 2.

 

1. Overview
2. Name and contact information of the person responsible for processing and of the company data protection officer
3. Purposes of data processing, legal basis and legitimate interests pursued by Sport-Thieme GmbH or a third party as well as categories of recipients
4. Recipients outside of the EU
5. Your rights
6. Cookie setting

 

1. Overview

The following privacy notice informs you about the type and scope of the processing of personal data carried out by Sport-Thieme GmbH. Personal data are pieces of information that are, or could be, directly or indirectly associated with your person.

The data processing carried out by Sport-Thieme GmbH can be primarily divided into two categories:

• For the purpose of contract processing, all data necessary for the fulfilment of a contract with Sport-Thieme GmbH are processed. If external service providers e.g. logistics companies or payment service providers are also involved in the processing of the contract, your data will be passed on to these to the extent required in each case.
• When accessing the Sport-Thieme GmbH website, various pieces of information are exchanged between your end device and our server. These can also be personal data. The information collected in this manner is used, amongst other things, to optimise our website or to display adverts in your end device’s browser.

In accordance with the stipulations of the GDPR, you have various rights that you can assert against us. These include the right to object to selected data processing, in particular data processing for advertising purposes.

 

2. Name and contact information of the person responsible for processing and of the company data protection officer

This privacy notice applies to data processing carried out by Sport-Thieme GmbH, represented by Managing Director Maximilian Hohe, Helmstedter Straße 40, 38368 Grasleben (‘the person responsible’), and for the website www.sport-thieme.com. Sport-Thieme GmbH’s company data protection officer can be contacted at the above address, ‘for the attention of’ the Data Protection Department, or via datenschutz@sport-thieme.com

 

3. Purposes of data processing, legal basis and legitimate interests pursued by Sport-Thieme GmbH or a third party as well as categories of recipients

3.1. Accessing our website

When accessing our website, information is automatically sent to the server of our website by the browser being used on your end device and is temporarily saved in a so-called log file. We have no control over this. In the process, the following information is collected without any action on your part and stored until it is deleted automatically:

• the IP address of the requesting web-enabled device,
• the date and time of access,
• the name and URL of the retrieved file,
• the website, from which the file was accessed (referrer URL),
• the browser you used and, where applicable, your web-enabled computer’s operating system as well as the name of your access provider.

The legal basis for the processing of the IP address is article 6, paragraph 1 (f) of the GDPR. Our legitimate interest ensues from the purposes for data collection listed hereafter. We would like to point out that your identity cannot be directly inferred from the data collected and that no conclusions are drawn by us.

We use your end device’s IP address as well as the other data listed above for the following purposes:

• to ensure a connection is established smoothly,
• to ensure our website is user-friendly,
• to evaluate system security and stability.

The data are saved for a period of 38 months and are subsequently deleted automatically. Furthermore, we use cookies, tracking tools and targeting processes for our website. Which processes these are exactly and how your data are used for them is explained in detail in section 3.4.

 

3.2. Conclusion, execution or termination of a contract

3.2.1. Data processing on conclusion of the contract

We process the following data for the preparation and conclusion, execution, communication or termination of a purchase contract with you in this online shop: 

• First name, surname
• Where applicable, corporate name / name of organisation
• Billing and shipping address
• Email address
• telephone number 
• Billing and payment information

The legal basis for this is article 6, paragraph 1 (b) of the GDPR. This means that you provide us with your data on the basis of the contractual relationship or in preparation of a contractual relationship between you and us. Furthermore, we are obliged to process your email address due to the German Civil Code (Bürgerliches Gesetzbuch – BGB), which stipulates that we send an electronic order confirmation (article 6, paragraph 1 (c) of the GDPR). Provided we do not use your contact details for advertising purposes (see 3.3), we store the data collected for contract processing until the expiration of legal and possible contractual warranty and guarantee rights. After the expiration of this period, we retain information from the contractual relationship required under trade and tax laws for the legally specified time period. During this period (normally ten years after the conclusion of the contract), the data will only be processed again in the case of an audit by the tax authorities. Provided that you are entitled to a warranty in compliance with our general terms and conditions, we would like to point out that some products have a warranty period that might exceed the legal retention period.

Furthermore, the following data processing is necessary for executing the sales contract:

Provided that you have chosen a payment method other than prepayment or sale on account, we pass the necessary payment information to a payment service provider commissioned by us. Depending on your chosen method of payment, in some cases our payment service providers may process data outside the EU. In this case, together with our service providers we ensure an appropriate level of data protection

 

We pass on details of your delivery address to a logistics company commissioned by us for shipping purposes. If articles are delivered directly to you by the manufacturer (so-called drop shipment), the manufacturer will receive details of the delivery address for the purpose of shipment. 
In the case of freight shipments, the email address and telephone number are also forwarded in order to coordinate the details of the delivery. The data will be deleted after the delivery has taken place, unless the transport-executing agencies are obliged to retain the data. 

 

3.2.2. Credit rating

If we make advance outlays or deliveries e.g. with a sale on account, we have put our own scoring process in place in order to safeguard our legitimate interests in protecting us against credit risk, article 6, paragraph 1 (f) of the GDPR. Scoring is defined as making a prognosis about future events based on collected information and experiences from the past. Using information provided by you or, if necessary, data we already have saved, you are allocated to statistical groups of people who have previously entered similar information. The underlying process used is a well-founded, mathematical and statistical method of making a prognosis about the probability of risks which has been tried and tested for a long time. In addition, we use concrete creditworthiness information that we have collected about you in the course of our previous business relations, e.g. your payment history.

If our own credit-rating system does not yield the result that we are sufficiently protected against credit risk, we obtain a credit check via consumer credit agencies. The legal basis for this is also article 6, paragraph 1 (f) of the GDPR in order to safeguard our legitimate interest in protecting us against credit risk. To do this, we work with the following credit agencies, who provide us with the data required therefor.

3.2.2.1. Creditreform Boniversum GmbH, Hellersbergstr. 11, 41460 Neuss

For the purpose of carrying out a credit check, we pass on your name and contact details to Creditreform. By order of Creditreform Boniversum, we provide you with information in accordance with article 14 of the GDPR, which you can read here: https://www.creditreform-duesseldorf.de/EU-DSGVO/.

3.2.2.2. CRIF GmbH, Radlkoferstraße 2, 81373 Munich

Within the scope of this contractual relationship, we pass on collected personal data concerning the application, implementation and termination of this business relationship to CRIF GmbH, Radlkoferstraße 2, 81373 Munich.

CRIF processes the data received and also uses them for the purposes of scoring in order to provide its contractual partners in the European Economic Area and in Switzerland as well as in other countries if necessary (provided that there is an adequacy decision about them from the European Commission) with information about the assessment of creditworthiness of natural persons, etc. You can find out more about CRIF’s work at www.crif.de/datenschutz 

The credit check may lead to not all payment methods offered being available. You have the right to a manual review, presenting your own viewpoint, as well as to challenge the decision in this case.

In the event of late payment and provided that the other statutory requirements are met, we pass on the required data to a company commissioned with asserting the claim. Both article 6, paragraph 1 (b) and article 6, paragraph 1 (f) of the GDPR are the legal basis for this. Assertion of a contractual claim is to be considered as a legitimate interest in keeping with the latter stipulation.

 

3.3. Data processing for advertising purposes

The following statements relate to the processing of personal data for advertising purposes. The GDPR describes data processing of this kind based on article 6, paragraph 1 (f), as conceivable in principle and as a legitimate interest. The duration of the retention period for data used for advertising purposes does not follow any strict guidelines and is based on nature and extent of our business relationship to date. At Sport-Thieme GmbH, we also abide by the principle of ceasing to use your data for advertising purposes no later than five years after your last contact. Please see section 3.3.3. for the process should you object.

3.3.1. Sport-Thieme GmbH and third-party advertising purposes

If you have concluded a contract with us, we will keep a record of you as an existing customer. In this case, we use your postal address beyond the existence of distinct consent to send you information about new products and services. We occasionally pass on your postal address to contractual partners, carefully chosen by us, from mail-order and telecommunications fields so that they can also inform you about their products. We use your email address beyond the existence of distinct consent to provide you with information about our own, similar products. Following the purchase, you will also receive an automatic email, in which we ask you to rate us and our products. In doing so, you are helping us to adapt and to further develop our products and our product range.

3.3.2. Advertising that reflects your interests

To ensure that you only receive promotional information that might be of interest to you, we categorise your customer profile and add additional information to it. To do this, statistical information and information about you is used (e.g. basic information from your customer profile). Our aim is to only send you advertising that is or might be of interest to you and to not bother you with advertising that is not useful to you.

3.3.3. Right to object

You can object to your data being processed for advertising purposes at any time, separately for the respective communication channels and with effect for the future, without incurring costs other than the transmission costs at the basic prices. To do this, e.g. simply send an email to info@sport-thieme.com or use the unsubscribe option in an email. 

If you object, the contact address in question is blocked from further data processing for advertising purposes. Please note that, in exceptional cases, advertising material could temporarily continue to be sent even after you have lodged your objection. The technical reason for this is the required lead time of advertisements and it does not mean that we are not implementing your objection. Thank you very much for your understanding.

3.3.4. Newsletter subscription

You can sign up for our newsletter on our website. To verify your subscription, we use a double opt-in system: Upon submitting your email address in the sign-up field, we will send you a confirmation link. Only once you have clicked on this confirmation link will your email address be added to our distribution list. As proof of your subscription we save the email address, IP address and time stamp recorded at the time of sign-up and confirmation for at least the duration of your subscription to the newsletter. The legal basis for this is article 6, paragraph 1 (f) of the GDPR; our legitimate interests are evidenced by your approval to be included in our newsletter distribution list. The newsletter we send to you provides us with information including confirmation of receipt and whether it has been read or not, as well as which links you have clicked on in the newsletter. Your user behaviour with regards to the newsletters you receive from us and our website is analysed and assigned to your email address / user profile stored within our database. By creating a personalised user profile, we wish to tailor our advertising to your interests and optimise the offerings on our website for you. The processing of your electronic contact data and its analysis as described occurs solely on the basis that you have given your consent (article 6, paragraph 1 (a) of the GDPR) at this point. You can withdraw your consent at any time with effect for the future. To do this, simply send a short note via email to info@sport-thieme.com or click on the ‘Unsubscribe’ button, located at the bottom of every newsletter.

 

3.4. Online presence and website optimisation

3.4.1. Cookies – General information

We use so-called cookies on our website. Cookies are small files which your browser generates automatically, and which are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your end device in any way, they do not contain viruses, Trojans or other malicious software. Information is stored in the cookie, which stems from the connection with the specific end device used in each case. However, this does not mean that we immediately get to know your identity. On the one hand, cookies are used to make the use of our offering more convenient for you. We use so-called session cookies, for example, to recognise that you have already visited individual pages on our website or that you have already logged in to your customer account. These are automatically deleted when you have left our site. In addition, also for user friendliness, we use temporary cookies that are stored on your end device for a specific period of time. If you visit our site again to use our services, the system automatically recognises that you have already visited us and remembers the inputs and settings you have entered, so you do not have to re-enter them.

If you have a customer account with Sport-Thieme GmbH and you are logged in or you activate the ‘Stay logged in’ function, the information stored in cookies will be saved to your customer account.

On the other hand, we use cookies to statistically record the use of our website and to evaluate the optimisation of our offering for you as well as to display information tailored to you. These cookies allow us to automatically recognise that you have already been on our site when you visit our site again. These cookies are automatically deleted after a defined period of time. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that you are always notified before a new cookie is generated. Disabling cookies completely, however, may mean that you cannot use all of the features of our website. The storage period for cookies depends on their purpose and is not the same for all of them.

3.4.2. Cookies – Overview

  -

  -

3.4.3. Option to object /opt out

In addition to the disabling methods described above, you can generally stop the outlined targeting technologies through relevant cookie settings in your browser (see also 3.4.1). Furthermore, you have the option to disable preference-based advertising using the Preference Manager, which is available here.    

 

3.5. Establishing contact, contact forms, evaluation functions and ‘queries about the product’

The following processing is carried out at least on the basis that you have given your consent in keeping with article 6, paragraph 1 (a) of the GDPR by actively contacting us or leaving a product review. Depending on the content of your request, your data can also be processed based on article 6, paragraph 1 (b) (processing to fulfil a contract, e.g. your order or to carry out pre-contractual activities at your request, e.g. requesting an offer) or article 6, paragraph 1 (c) (processing to fulfil a legal obligation from us, e.g. as part of a warranty claim).

You can send general queries to us using the contact form provided on our website. You must provide your name, an email address and a telephone number to enable us to contact you. You can choose to provide further information.

We collect these data so that we know who a request is coming from and so that we are able to respond to this as effectively as possible using the method that you have specified.

When you review a product in our online shop we ask you to provide a name and an email address. Names and email addresses are not published. In this case, another legal reason is our legitimate interest in being able to react, for example, in the event of prohibited or illegal assessments, in keeping with article 6, paragraph 1 (f) of the GDPR.

You can edit or delete your published opinion at any time. To do so, please write to us at produktbewertung@sport-thieme.de.

If you use the ‘Product query’ function, you are also required to submit a name and email address so that we can respond to you directly if necessary. Should your question be published, your name and your email address are not displayed.

If you contact us by telephone, we ask you to provide data necessary for processing your request as part of the content of your request.

 

4. Recipients outside of the EU

For information on the recipients outside the EU for the technologies we use for this online presence, see the list under point 3.4.2. We also use other products for internal processes, including those from Microsoft, where storage and processing takes place on servers within the EU, but the company itself is based in the USA, which from a data protection perspective is considered a third country without an adequate level of data protection. To further ensure the protection of your data, Sport-Thieme has concluded with these companies at least the so-called Standard Contractual Clauses of the EU Commission as well as other agreements and measures to protect your data.

 

5. Your rights

5.1. Overview

In addition to the right to withdraw the consent you have given us, you also have the following rights if the respective legal requirements are met:

The right to be informed about your personal data that we keep as per article 15 of the GDPR; in particular, you can request information about the purposes of the processing, the category of personal data, the categories of recipient to whom your data has been or will be disclosed, the envisaged period for which your data will be stored or the source of your data if these were not directly collected from you,

• The right to rectification of inaccurate data and to complete incomplete data as per article 16 of the GDPR,
• The right to erasure of your data that we store as per article 17 of the GDPR, provided no legal or contractual periods of retention or other legal requirements or legislation to retaining your data have to be met,
• The right to restriction of processing your data as per article 18 of the GDPR, provided you contest the accuracy of your data or that the processing is unlawful but you oppose to your data being erased; the person responsible no longer needs the data but you require them for establishing, exercising or defending a legal claim, or if you have objected to the processing of your personal data as per article 21 of the GDPR,
• The right to data portability as per article 20 of the GDPR, i.e. the right to receive certain personal data we store concerning you in a commonly used and machine-readable format, or to request the transmission of those data to another person responsible,
• The right to lodge a complaint with a supervisory authority. As a general rule, please contact the supervisory authority of your usual place of residence, place of work or the place of our headquarters.

 

5.2. The right to object

Provided that the conditions of article 21, paragraph 1 of the GDPR are met, data processing can be objected to on grounds resulting from the particular situation of the person concerned.

The aforementioned general right to object applies to all purposes for the processing of personal data described in this privacy notice which are processed based on article 6, paragraph 1 (f) of the GDPR. Unlike with the special right to object to data processing for advertising purposes (see 3.3.3. above), as per the GDPR we are only obliged to implement any such general objection if you provide us with reasons of an overriding interest (e.g. risk to life or health). Furthermore, you have the option to contact a supervisory data protection authority.

 

6. Data security

All of the data submitted by you personally, including your payment details, are transmitted using the standard and secure SSL (Secure Socket Layer) protocol. SSL is a secure and reliable protocol, which is also used for secure data transfer in online banking, for example. Amongst other things, you can identify a secure SSL connection if the ‘http’ in the browser address ends in an ‘s’ (i.e. https://....) or if your browser displays a lock symbol.

Apart from that, we apply suitable technical and procedural security measures to safeguard your personal data we are storing from manipulation, partial or total loss or unauthorised third-party access.