3. Purposes of processing data, legal bases and legitimate interests pursued by GARPA or a third party and categories of recipients
3.1. Accessing our site
When you access our website, the browser used on your device automatically sends information to the server of our website and temporarily saves it in a log file, over which we have no influence. The following information will be collected without your intervention and stored until automatically deleted:
- the IP address of the Internet-enabled device making the requesting,
- the date and time of the access,
- the name and URL of the file accessed,
- the website from which access was made (referrer URL),
- the browser you are using and, if applicable, the operating system of your Internet-capable computer as well as the name of your access provider.
The legal basis for processing the IP address is Art. 6 (1) point f) GDPR. Our legitimate interest arises from the purposes of data collection listed below. We wish to point out that we are not able to draw any direct conclusions about your identity from the data collected, nor can any be drawn through us. The IP address of your device and the other data listed above are used by us for the following purposes:
- to ensure a smooth connection setup,
- to ensure smooth use of our website, and
- to evaluate system security and stability.
If you accept geolocalization in your browser or operating system or other settings of your device, we use this function in order to be able to offer you individual services related to your current location. We process your location data in this way exclusively for this function. The data will be deleted once the use has ended.
3.2. Conclusion, performance or termination of a contract
3.2.1. Processing data upon the conclusion of a contract
The scope of GARPA’s business is the distance selling of goods and services, retail trade within the framework of permits issued by the relevant authorities, and the serial production of goods to be offered. In this context, we process the data required for conclusion, performance or termination of a contract with you. This includes:
- Salutation, Title, First Name, Surname
- Invoice and Delivery Address
- Email Address
- Billing and Payment Information
- Date of Birth
- Telephone Number
Art. 6 (1) point b) of the GDPR serve as the legal basis, i.e. you provide us with the data on the basis of the contractual relationship between you and us. In order to process your email address for online orders, we are also obliged to electronically confirm receipt of your order due to a provision in the German Civil Code (BGB). Art. 6 (1) point c) of the GDPR serve as the legal basis. We store the data collected for performing the contract at least until the expiry of the statutory or possible contractual warranty and guarantee rights, provided we do not use your contact data for advertising purposes (see 3.3. below).
The following data processing operations are also required to process the purchase agreement:
We pass on your delivery address details to a logistics company commissioned by us to process the purchase agreement. Should you provide your consent, we will forward your email address and telephone number to the logistics company commissioned by us in order to ensure that the goods are delivered according to your wishes. The logistics company will contact you prior to delivery to provide you with the time of delivery or to discuss delivery details with you. The data will be transmitted exclusively for this purpose and deleted after delivery.
3.2.2. Identity, creditworthiness and information to credit agencies
If necessary, we may verify your identity by consulting information from service providers. Art. 6 (1) points b) and f) of the GDPR serve as the legal basis. Authorisation to do so arises from ensuring the protection of your identity and the avoidance of fraud attempts at our expense. The circumstance and the result of our enquiry will be added to your customer account or your guest account for the duration of the contractual relationship.
During the ordering process, we also check your credit rating, provided that you select the payment method ‘on account’. For this purpose we pass on the following types of data to credit agencies cooperating with us: name, address, date of birth. Art. 6 (1) point f) of the GDPR serve as the legal basis. The legitimate interest required under this provision arises from our interest in minimising the credit risk associated with these types of payments. The circumstance and the result of our enquiry will be added to your customer account for the duration of the contractual relationship.
Data transfer to CRIFBÜRGEL according to EU-DSGVO
In the framework of this contractual relationship, we transfer collected personal data regarding the application for, implementation and termination of this business relationship as well as data on contractually non-compliant behaviour or fraudulent behaviour to CRIF Bürgel GmbH, Radlkoferstrasse 2, 81373 Munich.
These transfers of data have a legal basis in Article 6 Paragraph 1 Letter b and Article 6 Paragraph 1 Letter f of the General Data Protection Regulation (GDPR). Data transfers based on Article 6 Paragraph 1 Letter f GDPR are only permissible if they are necessary to protect the justified interests of our company or third parties and these interests do not outweigh the interests or basic rights and basic freedoms of the person in question that require the protection of personal data. The exchange of data with CRIFBÜRGEL also serves to fulfil legal obligations relating to the conducting of customer creditworthiness checks (§ 505a and 506 of the German Civil Code).
CRIFBÜRGEL processes the received data and also uses the data for the purpose of profiling (scoring) in order to provide information for, among other things, assessment of the creditworthiness of natural persons to its contracting partners in the European Economic Area and in Switzerland as well as in other third countries (in so far as there is an adequacy decision of the European Commission relating to these countries). More information on the activities of CRIFBÜRGEL can be obtained from the CRIFBÜRGEL information sheet or viewed online at https://www.crifbuergel.de/en/privacy
If you have already made a purchase with us, your data stored by us about you can be supplemented by score values. Scoring is the process of making a forecast of future events based on information collected and past experiences. Such processing is based on Art. 6 (1) point f) of the GDPR. The preparation of such forecasts is to be regarded as a legitimate interest within the meaning of the aforementioned provision. Based on the data stored about your, you will be assigned to statistical groups of people with similar entries in the past. The underlying method used is a well-founded mathematical-statistical method for predicting risk probabilities that has long been tried and tested in practice.
In the event of a delay in payment, we reserve the right to pass on the necessary data to a company commissioned with asserting the claim if other legal requirements have been met. Art. 6 (1) point. b) and Art. 6 (1) point f) of the GDPR serve as the legal basis. The assertion of a contractual claim shall be regarded as a legitimate interest within the meaning of the second provision. Information about the delay in payment or a possible bad debt loss will also be forwarded to credit agencies cooperating with us if other legal requirements have been met. Art. 6 (1) point f) of the GDPR serve as the legal basis. The legitimate interest required here arises from our interest and that of third parties in reducing contractual risks for future contracts.
3.3. Processing data for advertising purposes
The following explanations refer to the processing of personal data for advertising purposes. The DSGVO declares such processing of data based on Art. 6 (1) point f) of the GDPR to be generally conceivable and a legitimate interest. The duration of data storage for advertising purposes does not follow rigid principles and is based on the question of whether storage is necessary for advertising purposes. Please refer to Section 3.3.3 for the procedure to be followed should you wish to assert your right to object.
3.3.1. Advertising purposes of GARPA and third parties
If you have concluded a contract with us, we will store you as a customer in our system. In this case, we process your postal contact details beyond a concrete consent, in order to send you information about products and services in this way. We process your email address, provided we have received it from you, in order to send you information about our own, similar products beyond a concrete consent.
3.3.2. Interest-Oriented Advertising
To ensure that you only receive advertising information that is of supposed interest to you, we categorise and supplement your customer profile with further information. Both statistical information and information about you (e.g. basic details from your customer profile) are used for this purpose. The aim is to provide you with advertising that is solely oriented to your actual or supposed needs and not to trouble you with useless advertising.
3.3.3. Right to object
You can object to your data being processed for the above-mentioned purposes at any time free of charge, separately for the respective communication channel, and with effect for the future. To do so, simply send an email or a letter by post to the contact details listed under Section 2.
If you object to your data being processed, the contact address concerned will be blocked for further processing for advertising purposes. We wish to point out that advertising material may still be sent temporarily in exceptional cases even after receipt of your objection. This is technically due to the necessary lead time of advertisements and does not mean that your right to object has not been considered. We ask for your understanding.
3.3.4. Information on the newsletter
We offer you the possibility to subscribe to our newsletter via our website. In order to make sure that no errors were made when entering the email address, we use the double opt-in process. This means that we will send you a confirmation link after you have entered your email address in the registration field. Your email address will be added to our mailing list only after you click on this confirmation link. Your electronic contact details will be processed solely on the basis of your consent pursuant to Art. 6 (1) point a) of the GDPR. You may revoke your consent at any time with effect for the future. To do so, simply send an email to the email address provided under Section 2 or click on the “Unsubscribe” button at the end of each newsletter.
3.4. Online presence and website optimisation
3.4.1. Cookies – general information
econda GmbH uses solutions and technologies to collect and store anonymised data and to create user profiles from this data using pseudonyms in order to design and optimise this website according to your needs. For this purpose, cookies can be used which enable recognition of an Internet browser. However, user profiles are not merged with data about the bearer of the pseudonym without the express consent of the visitor. In particular, IP addresses are made unrecognisable immediately after receipt, so that it is not possible to assign user profiles to IP addresses. The analysis of user behaviour is based on Art. 6 (1) point f) of the GDPR. The website operator has a justified interest in the anonymous analysis of user behaviour in order to optimise both their website and advertising. Visitors to this website can object to this collection and storage of data at any time for the future. The objection only applies to the device and the web browser on which it was set, please repeat the process on all devices as needed. If you delete the opt-out cookie, requests will be sent to econda again. Disable Econda tracking.
3.4.3. Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc. (“Google”), to provide need-based design and continuous optimisation of our pages in accordance with Art. 6 (1) point f) of the GDPR. In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about your use of this site such as
- Browser type/version,
- Operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request,
are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website and Internet use for market research purposes and to design these Internet pages in line with requirements. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of third parties. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that it is not possible to associate them with a user (IP masking).
3.4.4. Facebook Custom Audience via the Pixel Method
We use “Facebook pixels” on our website, a service provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter “Facebook”).
If you have a Facebook user account and are registered, Facebook can associate the visit to your user account. The data collected about you is anonymous to us and does not give us any information about the identity of the user. However, Facebook may associate this data with your Facebook account. We have no control over the extent and further use of data collected by Facebook through the use of Facebook pixels. Even if you are not registered with Facebook or have not logged in, Facebook may collect and store your IP address and other identifying information.
The targeting measures listed below and implemented by us are carried out on the basis of Art. 6 (1) point f) of the GDPR. We want to ensure that you only see advertising on your end devices that is oriented towards your actual or supposed interests through the targeting measures used. It is both in your and our interest to not bother you with uninteresting advertisements.
We also use re-targeting technologies from Google. This enables us to make our online offer more interesting and tailored to your needs. For this purpose, a cookie is set with which data from interested customers is collected using pseudonyms. This information is used to display interest-related advertisements about our offers on the websites of our partners. No directly personal data will be stored and no user profiles will be merged with personal data on you. The cookie is stored for a period of 2 years and then automatically deleted.
188.8.131.52. Right to object/opt-out
In addition to the deactivation methods described above, you can also generally prevent the targeting technologies described above by setting the appropriate cookie in your browser (see also 3.4.1.). In addition, you can deactivate preference-based advertising with the help of the preference manager by accessing it here.
3.4.6. Social Media Plug-Ins
We use social plug-ins from the social networks Facebook, Instagram, Pinterest and YouTube on our website on the basis of Art. 6 (1) point f) of the GDPR in order to make our company better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for operation that is compliant with data protection regulations is to be guaranteed by their respective providers. These plug-ins are integrated by the two-click method in order to protect visitors to our website in the best possible way.
We use plug-ins from the social network Facebook on our website, which are offered by Facebook Inc. The Facebook plug-ins are marked with a Facebook logo or contain “Like” or “Share”. An overview of the Facebook plug-ins and their appearance can be found by clicking the following link.
When you activate such a plug-in (first click), your browser establishes a direct connection to Facebook’s servers. The content of the plug-in is transmitted directly from Facebook to your browser and integrated into the page. This integration provides Facebook with the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA where it is stored. If you are logged in to Facebook, Facebook can immediately associate your visit to our website with your Facebook account. If you interact with the plug-ins, for example by pressing the “Like” button, this information is also transmitted directly to a Facebook server where it is stored. The information will also be published to your Facebook account and displayed to your Facebook friends.
If you do not want Facebook to associate the data collected about your visit to our site directly with your Facebook account, you must log out of Facebook before visiting our site.
Our website also uses social network plug-ins from Instagram. The Instagram service is a Facebook product provided by Facebook Inc. The plug-ins are marked with an Instagram logo, for example in the form of an “Instagram camera”.
When you activate the plug-in (first click), your browser establishes a direct connection to Instagram’s servers. The content of the plug-in is transmitted directly from Instagram to your browser and integrated into the page. This integration provides Instagram with the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram account or are not logged in to Instagram.
This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA where it is stored. If you are logged in to Instagram, Instagram can immediately associate your visit to our website with your Instagram account. If you interact with the plug-ins, for example by pressing the “Like” button, this information is also transmitted directly to an Instagram server where it is stored. The information will also be published to your Instagram account and displayed to your Instagram contacts.
Our website uses plug-ins from YouTube which is operated by Google. YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA is the site operator.
We also use social plugins on our website by the social network Pinterest, which is operated by Pinterest Europe Ltd. Palmerston House, 2nd Floor Fenian Street, Dublin 2, Ireland (“Pinterest”). If you visit a page that contains such a plug-in, your browser establishes a direct connection with the Pinterest servers. The plug-in transmits protocol data to the server of Pinterest. This log data may include your IP address, the address of the websites visited, which also contain Pinterest functions, browser type and settings, date and time of the request, your use of Pinterest, and cookies.
We operate a fan page on the social media network Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA (“Facebook”) under joint responsibility to communicate with interested parties and followers and to inform them about our products and services. All products for customers from the European Economic Area and Switzerland are offered by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
We may receive statistics from Facebook on the use of our fan page (for example, information about the number, names, interactions, such as likes or dislikes, comments, and summarised demographic and other information or statistics based on certain parameters about our company and the content on our fan page that help us learn about interactions with our site). For more information on the nature and scope of these statistics, please refer to the Facebook Site Stats Insights and responsibilities in the Facebook Page Insights Supplement. The legal basis for this type of data processing is Art. 6 Para. 1 lit. f) GDPR based on our aforementioned legitimate interest.
You have the opportunity to participate in various competitions on our website, via our social media channels (including Facebook, Instagram, Pinterest) or through our newsletter. Unless otherwise specified in the respective competition or unless you have given us further express consent, the personal data you provide to us in connection with participation in the competition will be used exclusively for the purpose of processing the competition (e.g. determining the winner, notifying the winner, sending the prize). The legal basis for data processing within the framework of competitions is Art. 6 (1) lit. b) of the GDPR. If a declaration of consent is submitted in the context of a competition, Art. 6 (1) lit. a) of the GDPR is the legal basis for data processing based on the consent. If you have given your consent in the context of a competition, your data will be processed based on this consent, and you have the opportunity to revoke this consent at any time with effect for the future.
The data will only be passed on to third parties if this is necessary for the executing the competition (e.g. sending the prize via a logistics company).
The winners’ data will be kept for the duration of the legal warranty claims in the case of material prizes, in order to arrange for any defects to be repaired or replaced.
We offer visitors to our websites the opportunity to contact us via a contact form or by email. We use the information you provide via the contact form or by email (required information is marked with an asterisk) exclusively for the purpose of processing your request. This is done on the basis of Art. 6 (1) point f) of the GDPR. Proper handling of your concerns is to be regarded as a legitimate interest within the meaning of the GDPR. If you contact us in connection with a contractual relationship between you and us, Art. 6 (1) point b) of the GDPR, i.e. this contractual relationship, is also the legal basis for processing data. The data provided will be deleted immediately after use, unless there is a legal retention period. Your data will not be used for another purpose or transferred to third parties unless you have consented to this.
3.7. Access to the GARPA image archive/image database
We use the double opt-in procedure to register to our database. This means that after you register, we will send you an email to the specified email address in which we ask you to confirm that you wish to have your data entered into the database. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any potential misuse of your personal data.
The functions of the database can be described as follows:
For press contacts: Providing free image and text files for editorial purposes only.
For architects & interior designers: Providing free technical drawings, image and text files for personal, educational and informative purposes, for preparing quotations/cost estimates to end customers in connection with the sale of GARPA products via the company itself and for use in training courses or seminars.
3.8. Furnishing Planner
The Furnishing Planner on this website uses HTML5 storage objects that are stored on your mobile device. These objects store the required data (current plans, saved plans) independently of your browser and do not have an automatic expiry date. No personal data is stored by the Furnishing Planner. You can prevent the use of HTML5 storage objects by using private mode in your browser.