Our company attaches great importance to the protection of personal data and respects your wish for privacy. The following informs you about how personal data is collected when you use our website www.juwel-aquarium.de. If you have any further questions regarding the handling of your personal data, please do not hesitate to contact our Data protection officer.
1 Data Controller
The Data controller within the meaning of the General Data Protection Regulation (GDPR) is:
JUWEL Aquarium AG & Co. KG
27356 Rotenburg (Wümme)
The data protection officer of the responsible party is:
Dr. Schroff Weg 11
Tel. +49 0152 262 929 63
You can contact our Data protection officer via email@example.com or by writing to the "The Data protection officer" at the above address.
Whenever you contact us by email or via a contact form, we will store the data you submit (your email address and, where applicable, your name and telephone number) in order to answer your questions and process your requests. The legal basis for this is Article 6, paragraph 1 s.1 lit. f GDPR. If we use our contact form to ask for information that is not required for us to be able to contact you, we will always label this information as optional. This information helps us answer your enquiry and improve the way your request is processed. This information is provided expressly on a voluntary basis and with your consent, in accordance with Article 6 paragraph 1 s. 1 lit. a GDPR. If this information includes contact method (e.g., an email address or telephone number), you also agree that we may contact you via this contact method in order to respond to your request. You can of course revoke this consent at any time with future effect.
Your data, which we received during the approach, will be deleted once it is no longer required to achieve the purpose for which it was collected, once your request has been fully processed, and no further communication with you is necessary or desired by you.
As the Controller, our company has implemented various technical and organisational measures to ensure that the personal data processed through this website is protected as fully as possible. Nevertheless, internet-based data transmission may always have certain security vulnerabilities. 100% protection cannot be guaranteed; in any case, sending unencrypted emails is never secure. We therefore ask that you use either encrypted contact methods (e.g., our contact form) or the regular mail instead of an unencrypted method.
3 Your rights
We will be happy to provide you with information as to any processing of your personal data. Should this be the case, you have a right to information about this personal data and to the information listed in detail in Article 15 GDPR. In addition, you have the right to rectification (Article 16 GDPR), the right to restriction of processing (Article 18 GDPR), the right to erasure (Article 17 GDPR) and the right to data portability (Article 20 GDPR) subject to the respective legal requirements.
You have the right to object to processing subject to the legal requirements (Article 21 GDPR).
To exercise your rights, please contact firstname.lastname@example.org by email or write to JUWEL Aquarium AG & Co. KG,
Karl-Göx-Strasse 1, 27356 Rotenburg (Wümme). Exercising your rights is free of charge.
Without prejudice to these rights and to the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to lodge a complaint with a supervisory authority, in the Member State of your residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection legislation (Article 77 GDPR).
The supervisory authority responsible for us is The State Commissioner for Data Protection Lower Saxony
4 Legal bases of our data processing
The processing of personal data may be based on different legal bases. If we need your data to fulfil a contract with you or to respond to an enquiries from you regarding a contract, the legal basis for this data processing is Article 6 paragraph 1 s. 1 lit. b GDPR. If we obtain your consent for a specific data processing operation, the legal basis for this is Article 6 paragraph 1. s.1 lit. a GDPR. We process some data based on our legitimate interest, whereby we always strike a balance between those of your interests which are worthy of protection and our legitimate interests. The legal basis for this is Article 6, paragraph p.1 lit. f GDPR. Insofar as the processing is necessary to fulfil a legal obligation to which we are subject, the legal basis for this is Article 6 paragraph 1 s. 1 lit. c GDPR.
In the following, we explain how we process personal data via our website www.juwel-aquarium.de .
5 DATA PROCESSING WHEN VISITING THE WEBSITE
5.1 Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the computer making the request.
The following data is collected:
- Information about the browser type and the version used.
- The user’s operating system
- The HTTP response code
- The number of bytes transferred
- The user's IP address
- Date and time of access
- The websites from which the user's system accesses our website
- The websites requested by the user's system via our website
5.2 Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6 paragraph 1 lit. f GDPR.
5.3 Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
Log files are stored to ensure the functionality of the website. In addition, we use these data to optimise the website and to ensure the security of our information technology systems. We do not evaluate this data for marketing purposes.
These purposes also constitute our legitimate interest in data processing pursuant to Article 6 paragraph 1 lit. f GDPR.
5.4 Duration of storage
The data is deleted when it is no longer required to fulfil the purpose for which it was collected. With respect to the collection of data for the provision of the website, this takes place when the respective session has ended. With respect to the storage of data in log files, deletion is carried out within seven days. Data may be stored beyond this period. In this case, the user's IP address will be deleted or de-familiarised, so that the accessing client can no longer be identified.
5.5 Objection and erasure options
The collection of data for the provision of the website and the storage of the data in log files is necessary for the operation of the website.
6 Data security
We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our safety procedures are regularly checked and adapted to conform with the latest technological developments.
7 Data transfer
As a rule, your personal data will not be transferred to third parties unless we are legally obliged to do so; or where the data transfer is necessary for the performance of the contractual relationship; or where you have previously expressly consented to the transfer of your data.
External service providers and partner companies, such as online payment providers or a shipping company commissioned with delivery, only receive your data insofar as this is necessary to process your order. In such cases, however, the scope of the data transmitted is restricted to the minimum scope necessary. Insofar as our service providers process your personal data on our behalf, we ensure within the framework of order processing pursuant to Article 28 GDPR that they comply with the provisions of data protection laws in the same manner. Please also note the data protection policies of the respective providers. The service provider in question is responsible for the content of third-party services, and we check the services for compliance with the legal requirements, where reasonable to do so.
We attach importance to processing your data within the EU/EEA. However, there may be occasions when we use service providers who process data outside the EU/EEA. In such cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established with the recipient prior to the transfer of your personal data. This may be achieved, for example, via standard EU contracts or binding corporate rules or special agreements to whose terms the company may be subject.
8 Job applications
You can apply to our company online, e.g., via email. Please note that unencrypted emails are not sent with access protection.
Your details will be used to process your application and decide on whether to enter an employment relationship. The legal basis for this is Section 26 (1) in conjunction with Section 26 (8.2) of the German Federal Data Protection Act (BDSG). Furthermore, your personal data may be processed insofar as this is necessary to defend legal claims arising from the application process against us. The legal basis for this is Article 6, paragraph 1 s.1 lit. f GDPR. The legitimate interest in the processing also lies in the stated purposes.
Should we enter into an employment relationship with you, we may further process the personal data we have already received from you for the purposes of the employment relationship in accordance with Section 26 (1) BDSG insofar as this is necessary for the performance or termination of the employment relationship or for the exercise or fulfilment of employee representation rights and obligations resulting from a legal act or a collective wage agreement, a works agreement or a service agreement (collective agreement).
Your application data will not be processed beyond the described use.
Your personal data will be deleted after completion of the application process after 6 (six) months at the latest, unless there are other legitimate interests on our part that prevent deletion, or you have given us permission to store this data for a longer period. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the German General Equal Treatment Act (AGG).
9 What are cookies?
Cookies are data stored on your computer by a website that you visit and enable your browser to be re-recognised. Cookies are used to send information to the site that sets the cookie. Cookies store information, such as your language settings, the duration of your visit to our website or any entries you made on it. This means that, for example, you do not need to re-enter mandatory form data each time you visit the site. The information stored in cookies can also be used to identify user preferences and to gear content according to your interests.
There are different types of cookies: session cookies are data only stored in memory temporarily which is deleted when you close your browser. Persistent cookies are automatically deleted after a specified period. This period may vary from cookie to cookie. The information in this type of cookie can also be stored in text files on your computer. You can, however, delete these cookies at any time via your browser settings.
First-party cookies are set by the website you are currently visiting. This website alone can read the information in these cookies. Third-party cookies are set by organisations different to the operator(s) of the website you are visiting. These cookies are used by marketing companies, for instance.
The legal basis for any processing of personal data using cookies and their storage period may vary. Insofar as you have given us your consent, the legal basis is Article 6 paragraph 1 s. 1 lit. a GDPR. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Article 6 paragraph 1 p.1 lit.f GDPR. In this case, the stated purpose corresponds to our legitimate interest.
Cookies used on this website are:
You can delete cookies already stored on your end device at any time. If you want to prevent cookies from being stored, you can do so via your internet browser settings. Instructions for popular browsers can be found here: Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge Browser, Safari, Safari mobile. Alternatively, you can also install what are known as ad blockers. Please note that some functions on our website may not work if you have disabled cookies.
10 Online orders – shop
When you place an order on our website, we collect the data that is needed to conclude the contract. The data is stored for the duration of the contract and in accordance with legal requirements. If necessary, when processing the order, we will forward your address data to a shipping service provider. The legal basis for this is the conclusion and execution of a contract in accordance with Article 6 paragraph 1 p. 1 lit. b GDPR.
For payment processing, we use various payment service providers. These are always named and receive your entries. These are therefore also recipients of your personal data collected in connection with the payment process. The legal basis for the use of payment service providers is also the processing of the contract in accordance with Article 6 paragraph 1 s. 1 lit. b GDPR.
You can choose to register on one of our websites and create a customer/user account. Personal data that must be provided is marked as mandatory in each registration form; any other information is optional.
During registration, we collect and store the following data about you (optional):
- First name
- Email address (username)
We use the so-called double opt-in procedure for registration, i.e., your registration is only completed when you have confirmed your registration by clicking on the link contained in a confirmation email sent to you for this purpose. If you fail to confirm, your registration will be automatically deleted from our database. Once you have registered, you will receive your own password-protected customer/user account and will be able to view and manage the data you have entered. Registration is voluntary but may be a requirement if you wish to use our services.
We store the data required for fulfilling the contract, also including information about the payment method, if necessary, until you permanently delete your user account. Furthermore, we store the data additionally provided by you for the period in which you use your customer/user account, unless you delete it beforehand. You can manage and change all information in the secure customer area.
You can delete your user account at any time. After the account is deleted, all personal data that is not subject to a statutory retention obligation or Article 17 paragraph 3 GDPR will be deleted.
The legal basis for this data processing is Article 6 paragraph 1 lit. a, b and f GDPR.
13 Website analysis
For the purpose of analysing and optimising our websites, we use various services which are described below. We use these services to analyse how many users visit our site, which information is most in demand or how users discovered our offering. We also collect data on which internet page a user came to our website from (known as referrer), which pages of the website were accessed or how often and for how long a page was viewed. This helps us to design our offering in a user-friendly manner, to find errors and to improve our offering; and this is also our legitimate interest in using these tools. The data collected is not used to personally identify individual users. We take a data-saving approach: we collect anonymous or at most pseudonymous data. The legal basis for this data processing is your consent in accordance with Article 6 paragraph1 lit.a, 7 GDPR.
GoogleAnalytics: Tool for web analysis and surfing behaviour.
14 DoubleClick by Google
When you access a page that uses DoubleClick where the DoubleClick script has been allowed, your browser automatically establishes a direct connection to the Google server. As a website operator, we have no influence on the scope and further use of the data collected by Google using this tool. We inform you based on the information available: using DoubleClick, Google is informed that you have called up the corresponding part of our website or clicked on an advertisement via our site. If you are registered with a Google service, Google can log the visit under your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
Insofar as data is processed outside the EEA, where there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish a secure level of data protection.
The collection and storage of data only takes place after express consent in accordance with Article 6 paragraph 1 s. 1 lit. a GDPR. This consent may be revoked at any time with future effect.
15 Google Analytics
Where you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
15.1 Scope of processing
We use the User-ID feature. With the help of the User ID, we can assign a unique, permanent ID to one or more sessions (and activities within these sessions) and analyse user behaviour across devices.
With Google Analytics 4, the anonymisation of IP addresses is enabled by default. IP anonymisation has been enabled on our website, whereby a user's IP address shall be truncated in advance by Google within the Member States of the European Union, or other States party to the agreement in the European economic area. The entire IP address is only sent to a Google server in the United States and truncated there in exceptional cases. The IP address transmitted by your browser within the scope of Google Analytics will not be associated with other Google data.
During your visit to the website, your user behaviour is recorded in the form of "events". Examples of events:
- Page views
- First visit to the website
- Start of the session
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- Clicks on external links
- internal searches
- Video interaction
- Ads viewed/clicked
The following is also recorded:
- Your approximate location (region)
- Your IP address (truncated)
- Technical information about your browser and the end devices you use (e.g., language setting, screen resolution)
- Your Internet provider
- The referrer URL (through which website/advertising medium you arrived at this website)
15.2 Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website and compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.
The following are/may be recipients of the data:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Article 28 GDPR)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
There can be no assurance that US authorities will not have access to the data stored by Google.
15.4 Third country transfer
Where data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider in order to establish an adequate level of data protection. Google Ireland's parent company, Google LLC, is based in California, USA. Transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal recourse against access by authorities.
15.5 Storage duration
The data sent by us and linked to cookies is automatically deleted after 2 OR 14 months. The data for which the period of storage has elapsed is deleted automatically once a month.
15.6 Legal basis
The legal basis for this data processing is your consent in accordance with Article 6 paragraph1 s.1 lit.a GDPR.
You can revoke your consent at any time with future effect by making changes to your cookie settings Renew or change your cookie consent. The data processing between the time of consent and the revocation of consent, remains lawful.
Alternatively, you can prevent the storage of cookies from the outset by configuring your browser software accordingly.
However, if you configure your browser to reject all cookies, this may impair the functionality of this and other websites. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, and the processing of this data by Google, by
a. not giving your consent to the cookie or
b. downloading and installing the browser add-on to deactivate Google Analytics HERE.
16 Google Web Fonts (offline versions)
This site uses what are known as web fonts provided by Google for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. We have opted for the offline version, in which the Google Fonts are stored locally on our web server. The fonts can then be managed – using CSS – as with any other font family. The IP address and other data are not sent to Google.
Google Web Fonts are used in the interest of presenting our online offering in a uniform and appealing manner offering given efficiency and cost-saving considerations. This represents a legitimate interest within the meaning of Article 6 paragraph 1 lit. f GDPR. If your browser does not support Web Fonts, a default font will be used by your computer.
17 YouTube (with two-click solution)
We use services from YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who are habitually resident in the European Economic Area or Switzerland, Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland is the Data controller for your data.
We use a two-click solution to protect your personal data. If you access a page in which a YouTube video is embedded, a connection to the YouTube servers is only established when you click on the "Confirm" button. In this case, YouTube will set cookies and use your visit data for its own purposes. If you are logged in to YouTube at this time, the information about the videos you have watched will be logged under your YouTube user account. You can prevent this by logging out of your user account before visiting our website. Insofar as data is processed outside the European Economic Area/the EU, where there is no level of data protection equivalent to the European standard, Google states that it uses standard contractual clauses.
Further information on YouTube's data protection is provided by Google via the following link: https://www.google.de/intl/de/policies/privacy/
18 Facebook Fan Page
18.1 General information
Social media has become an integral part of the internet and modern communication. In order to stay in contact with our customers and interested parties, we have also set up our own fan page on Facebook. Facebook is a service of Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter referred to as "Facebook").
We expressly draw your attention to the fact that Facebook stores user data (e.g., IP address, preferences and personal interests, behaviour on Facebook pages, any personal information stored on Facebook, etc.) and uses it for business purposes.
We have no influence on the processing and further use of this data, as Facebook alone determines how processing is done. We are not currently able to verify the extent to which, the destination and the length of time for which the data is stored, the extent to which the data is linked [to other data] and evaluated and to whom the data is transferred. We also have no insight or influence regarding retention periods, i.e., whether and to what extent any retention periods are followed.
If you have a Facebook account and logged into it, Facebook can associate your visit to our site with your user account. If you would like to prevent Facebook from linking data about your visit to our Fan Page with your member data stored on Facebook, you must
- log out of Facebook prior to each visit to our Fan Page
- delete the cookies on your device
- and exit and restart your browser.
According to Facebook, all information from which Facebook can identify you will in this way be deleted.
18.2 Scope of data collection and storage
You do not have to have a Facebook account to view the content on our Facebook Fan Page. However, data is collected, stored and used by Facebook every time you visit our site. From the moment you access our Fan Page, your browser establishes a connection with a Facebook server. In doing so, data may be transferred to countries outside the European Union. In any case, regardless of whether you are registered with Facebook or not, your IP address will be transmitted, and cookies will be set. If you have a Facebook account and are logged into it, Facebook can associate your visit to our site with your user account.
These include session cookies, which are deleted when the browser is closed, and permanent cookies which remain on the end device until they expire or are deleted by the user. A cookie is a tiny text file that enables a website to identify a browser. Cookies are stored on the computer when a website is accessed and are retrieved and read the next time the same web server is accessed. As a user, you can choose cookies you wish to allow, block or delete via the browser settings. Instructions for popular browsers can be found here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can install “ad blockers” such as Ghostery.
User interactions (postings, likes, etc.)
Article 6 paragraph 1 lit. f GDPR
Target group advertising
Article 6 paragraph 1 lit. f GDPR
Demographic data (e.g., based on age,
place of residence, language or gender)
Target group advertising
Article 6 paragraph 1 lit. f GDPR
Statistical data on user interactions in aggregated
form, i.e., without us being able to identify individuals
(e.g., page activities, page views, page previews,
likes, recommendations, posts, videos,
page subscriptions incl. origin, times of day)
Target group advertising
Article 6 paragraph 1 lit. f GDPR
No automated individual decision-making including profiling in accordance with Article 22 GDPR takes place.
As a rule, we only store personal data until the respective purpose for which the data was collected has been achieved. In the context of a business relationship with you, we store your personal data for as long as this business relationship exists, this also includes the initiation and processing of a contract as well as the regular limitation period. We also store the data if and insofar as we are subject to statutory retention obligations. Such obligations may arise, for example, from the German Commercial Code (HGB) or the German Fiscal Code (AO).
If you have given us consent for a particular processing operation, the data associated with the granting of consent will be stored subject to the statute of limitations until revocation or at the latest for the duration of the processing operation and after the end of the same.
18.3 Facebook Insights
18.4 Disclosure and use of personal data
If you interact with Facebook, Facebook will have access to your data as you would expect. Facebook is located in an unsafe third country where the level of data protection is lower. Data transmission is based on what are known as standard data protection clauses. For more information, see HERE.
18.5 Legal bases
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the this interest, Article 6 paragraph 1 lit. f GDPR serves as the legal basis for processing. We see our legitimate interest for data processing in the presentation of our company and our products as well as our services for your information and in the provision of up-to-date communication options for and with you.
18.6 Joint controllers
JUWEL Aquarium AG & Co. KG
27356 Rotenburg Wümme
Meta Platforms Ireland Limited
4 Grand Canal Square, Grand Canal Harbour,
We are jointly responsible with Facebook for the processing of your personal data according to the European Court of Justice (ECJ). The ECJ's decision of 5 June 2018 can be found HERE.
By means of our joint responsibility, we inform you with regard to Article 26 GDPR about the essential aspects of the existing agreement on joint responsibility between us and Facebook: https://www.facebook.com/legal/terms/page_controller_addendum