Privacy Policy
1. General Information
When you use our online store, various types of personal data are processed depending on the nature and extent of your use. Personal data is information that relates to an identified or identifiable natural person (hereinafter referred to as “data subject”). A natural person is considered identifiable if they can be identified directly or indirectly (e.g., by assigning them an online identifier). This includes information such as name, address, telephone number, date of birth, or IP addresses.
With this privacy policy, we inform you in accordance with Art. 12 GDPR about which personal data is processed when you use our online shop. Below you will find information in particular about which data we collect in connection with your visit and use of our online shop, what we use the collected data for, and for what purposes the data is collected. You will also find information about your rights in connection with the processing of your personal data.
We reserve the right to amend this privacy policy with future effect, in particular in the event of further development of our online shop, the use of new technologies, or changes to the legal basis or relevant case law. This privacy policy applies to all pages of our online shop (www.cti-shop.com). It does not extend to any linked websites or internet presences of other providers.
2. Controller
The controller pursuant to Art. 4 No. 7 GDPR is
CTI Commerzielle und Technische Informationssysteme GmbH
Eythstrasse 11
04129 Leipzig
E-Mail: info@cti-lean.com
Tel.: +49 (0) 341 223877 60
3. Data Protection Officer
If you have any questions about data protection in relation to our company or our online store, you can contact our data protection officer. You can reach our data protection officer at the e-mail address s.schuldt@gp-data.de or at the following postal address:
GP Data GmbH
Contact person: Stephan Schuldt
Karl-Tauchnitz-Straße 3
04107 Leipzig
4. Security
For security reasons and to protect your personal data when it is transmitted to us, we use SSL or TLS encryption to protect your data from access by unauthorized persons. You can recognize an encrypted connection by the string https:// and the lock symbol in the address bar of your browser.
5. Purposes and Legal Bases of Processing
5.1. Accessing and Visiting Our Platform – Server Log Files
For the technical provision of our online shop, it is necessary for us to process certain information automatically transmitted by your browser so that our platform can be displayed and used in your browser. This information is automatically collected each time you access our platform and stored in so-called “server log files.” The information transmitted by your browser and stored in the server log files is as follows:
· IP address
· Date and time of the request
· Time zone difference to Greenwich Mean Time (GMT)
· Content of the request (specific page)
· Access status/HTTP status code
· Amount of data transferred
· Website from which access is made (referrer URL)
· Browser type and browser version
· Operating system used
The storage of the aforementioned access data is necessary for technical reasons in order to provide our online shop and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under certain conditions, may at least theoretically enable your personal identification. Beyond the purposes mentioned above, we use server log files exclusively for the needs-based design and optimization of our platform, purely for statistical purposes and without any reference to your person. This data is not merged with other data sources, nor is it evaluated for marketing purposes.
The access data collected in the context of using our online shop is stored for the period of time required to achieve the above purposes. Your IP address is stored on our web server for a maximum of 7 days for IT security purposes.
If you visit our online shop to use our range of services, the basis for the temporary storage and processing of access data is Art. 6 (1) (b) GDPR, which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures. In addition, Art. 6 (1) (f) GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest here is to be able to provide you with a technically functional and user-friendly online shop and to ensure the security of our systems.
5.2. Use of cookies and associated plugins/tools
5.2.1. Cookies
We use so-called “cookies” on our website. Cookies are small text files that are stored on the hard drive of the device you use to access our website. The characteristic character strings contained in the cookies enable the browser you are using to be identified when you visit our website. Cookies cannot execute programs or transfer viruses to the device you are using. They serve to make our website more user-friendly, effective, and secure, and to enable the provision of certain functionalities on our website.
Cookies may contain data that enables the device you are using to be recognized. In some cases, cookies only contain information about certain settings (e.g., language settings) that are not personally identifiable.
You can refuse the use of cookies and delete cookies at any time by adjusting the settings on your device:
Most browsers are preset to automatically accept cookies. You can change this presetting by activating the “do not accept cookies” setting in your browser. For more information, please contact your browser provider.
Cookies that have already been stored can be deleted at any time. For more information on deleting cookies, please contact your browser provider.
Like the use of cookies, their rejection or deletion is also linked to the device used and the browser used in each case. You must therefore reject or delete cookies separately for each of your devices and, if you use multiple browsers, for each browser.
If you activate the “do not accept cookies” function in your browser, it is possible that not all functions of our website will be available to you, or that individual functions will be available only to a limited extent.
A distinction is made between so-called “session cookies,” which are deleted as soon as you close your browser, and so-called “permanent cookies,” which are stored beyond the individual session and are only deleted after a defined period of time.
We only use necessary cookies on our platform. Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
The legal basis for the storage of necessary cookies is § 25 (2) No. 2 TDDDG.
5.3. Registration
Users of our online store can create a user account. The following personal data is processed during the registration process:
· Account type (private/commercial)
· Title
· First name, last name
· Password
· Address (street, house number, postal code, city, country)
· Different delivery address, if applicable
After successful registration, you will have access to the following functions of our online shop:
· Shopping:
After successful registration, you can purchase the products we offer via our online shop using the information stored in your user profile. However, it is also possible to make purchases in our online shop without prior registration. For more information on the processing of your personal data in connection with purchases in our online shop, please refer to section 5.4.
· User profile:
Registered users can change the personal data they provided during the registration process at any time via their user profile.
· Order overview:
Registered users who have purchased a product via our online shop will find an overview of the orders they have placed in their user profile.
The processing of the aforementioned data provided by you during the registration process is carried out for the purpose of implementing the user relationship established by the registration and, if applicable, for initiating further contracts (in particular purchase contracts) on the basis of Art. 6 (1) lit. b GDPR.
The data collected when you register your user account will be stored by us for as long as you are registered as a user in our online shop and will then be deleted. Statutory retention periods remain unaffected.
5.4. Shopping
5.4.1. Data processing upon conclusion of contract
When you make a purchase in our online shop, we collect and process your purchase data. Purchase data may include the following information in particular:
· Order number
· Details of the products purchased (name, quantity, purchase price, etc.)
· Payment method details
· Delivery and billing address
· Messages and communication relating to the purchase (e.g., declarations of revocation, complaints, and messages to customer service)
· Delivery and payment status, e.g., “paid” and “shipped”
· Details of service providers involved in the execution of the contract
We process your aforementioned personal data for the purpose of order processing on the basis of Art. 6 (1) lit. b GDPR. The personal data processed in connection with your order will be deleted as soon as storage is no longer necessary.
5.4.2. Data processing during the payment process
As part of order processing, we pass on your payment details to payment service providers commissioned by us. The type and scope of the data passed on depends on the payment method chosen by the user.
· PayPal
If you wish to pay for an order in our online shop with PayPal, where possible, the amount you have to pay, along with your first and last name, delivery address, email address, telephone number, and IP address, will be transmitted to PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) so that you can authorize the payment to us via PayPal. You will need a PayPal account for this.
The legal basis for the associated data processing is Art. 6 (1) lit. b GDPR, as the processing of the aforementioned data is necessary for payment via PayPal and thus for the execution of the contract. The data transmitted to PayPal may be transmitted by PayPal to credit agencies. PayPal does this for the purpose of performing an identity and credit check. PayPal may also pass on your data to third parties if this is necessary to fulfill contractual obligations or if the data is to be processed on behalf of PayPal. PayPal's privacy policy is available at the following link: https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.
The legal basis for the associated data processing is Art. 6 (1) lit. f GDPR, based on our interest in offering you an effective and secure payment option and preventing fraud in this context.
· Stripe
If you wish to pay for an order in our online shop using the “Stripe” payment service, payment processing will be carried out by Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. For this purpose, we will transmit the information you provide during the ordering process, along with information about your order (name, address, account number, bank code, credit card number, invoice amount, currency, and transaction number) to the provider. Your data will be passed on exclusively for the purpose of payment processing. For more information on data protection, please refer to Stripe's privacy policy: https://stripe.com/de/terms
The legal basis for the associated data processing is Art. 6 (1) lit. b GDPR, as the processing of the aforementioned data is necessary for payment with Stripe and thus for the execution of the contract.
· Invoice, prepayment
If you wish to pay for an order in our online shop – as far as possible – by prepayment or on account, we will not receive any direct payment data from you via the online shop.
5.4.3. Data transfer to transport service providers
For the purpose of delivering goods that you have ordered via our online shop, we work with logistics service providers/transport companies. The following data may be passed on to them for the purpose of delivering the ordered goods:
· First name
· Last name
· Postal address
The legal basis for processing is Art. 6 (1) lit. b GDPR.
5.4.4. Transfer of data on outstanding claims
If you do not settle outstanding invoices despite repeated reminders, we may pass on the data necessary for the enforcement of our claim to a debt collection service provider or a lawyer commissioned by us for the purpose of enforcing the claim.
The legal basis for the processing of your personal data in connection with the enforcement of claims is Art. 6 para. 1 lit. c GDPR.
5.5. Contacting us
If you use the contact details provided in our online shop to contact us, your request, including all resulting personal data (name, contact details), will be stored and processed for the purpose of processing your request.
The processing of the aforementioned data is based on Art. 6 (1) lit. b GDPR, insofar as your request is in connection with the establishment or implementation of a contractual relationship. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), if such consent has been requested.
The data you provide or send us in connection with your inquiry will be stored by us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions, in particular statutory retention periods, remain unaffected.
5.6. Hosting
Our website is hosted by an external service provider, Alfahosting GmbH, Ankerstraße 3b, 06108 Halle (Saale), Germany. The data collected when using our website is stored on our host's servers. This data includes, in particular, IP addresses, contact requests, meta and communication data, contact details, website accesses, and other data that is generated when using a website.
Our host is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6 (1) (f) GDPR).
Our host will only process your data to the extent necessary to fulfill its contractual service obligations. Further information can be found in the privacy policy of Alfahosting GmbH at: https://alfahosting.de/datenschutz/
To ensure data protection-compliant processing, we have concluded a data processing agreement with the host we use.
5.7. Other processing purposes
5.7.1. Compliance with legal requirements
We also process your personal data in order to fulfill other legal obligations that may apply to us in connection with our business activities. These include, in particular, retention periods under commercial, trade, or tax law. We process your personal data in accordance with Art. 6 (1) (c) GDPR in order to fulfill a legal obligation to which we are subject.
5.7.2. Enforcement of legal rights
We also process your personal data in order to assert our rights and enforce our legal claims. We also process your personal data in order to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to prevent or prosecute criminal offenses. In this context, we process your personal data to protect our legitimate interests in accordance with Art. 6 (1) (f) GDPR, insofar as we assert legal claims or defend ourselves in legal disputes or prevent or investigate criminal offenses (legitimate interest).
5.8. Recipients of data
Within our company, those departments that need your data to fulfill our contractual and legal obligations will have access to it. Service providers and vicarious agents employed by us (e.g., technical service providers, shipping companies, waste disposal companies) may also receive data for these purposes. We limit the disclosure of your personal data to what is necessary, taking into account data protection regulations. In some cases, the recipients receive your personal data as processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently under their own data protection responsibility and are also obliged to comply with the requirements of the GDPR and other data protection regulations.
Finally, in individual cases, we transfer personal data to our advisors in legal or tax matters, whereby these recipients are obliged to maintain special confidentiality and secrecy due to their professional status.
6. Duration of Data Storage
We initially process and store your personal data for the duration of the respective purpose of use (see above for the individual processing purposes). This may also include the periods of time required to initiate a contract (pre-contractual legal relationship) and to execute a contract. On this basis, personal data is regularly deleted in the context of fulfilling our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes:
· Compliance with statutory retention obligations, e.g., those arising from the German Commercial Code (Sections 238, 257 (4) HGB) and the German Fiscal Code (Section 147 (3), (4) AO). The retention and documentation periods specified therein are up to ten years.
· Preservation of evidence, taking into account the statute of limitations. According to §§ 194 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.
7. Your rights
As a data subject, you have the following rights under the legal requirements:
7.1. Right of access
You are entitled at any time to request confirmation from us under Article 15 GDPR as to whether we are processing personal data relating to you; if this is the case, you are also entitled under Article 15 GDPR to information about this personal data and certain other information (in particular processing purposes, categories of personal data, categories of recipients, planned storage period, origin of the data, use of automated decision-making and, in the case of third-country transfers, the appropriate safeguards) and a copy of your data. The restrictions of § 34 BDSG apply.
7.2. Right to rectification
Pursuant to Art. 16 GDPR, you are entitled to request that we correct any personal data stored about you if it is inaccurate or incorrect.
7.3. Right to erasure
Under the conditions set out in Art. 17 GDPR, you are entitled to request that we erase personal data concerning you without delay. The right to erasure does not apply, among other things, if the processing of your personal data is necessary, for example, to fulfill a legal obligation (e.g., statutory retention obligations) or to assert, exercise, or defend legal claims. In addition, the restrictions of § 35 BDSG apply.
7.4. Right to restriction of processing
You are entitled, under the conditions of Art. 18 GDPR, to request that we restrict the processing of your personal data.
7.5. Right to data portability
You are entitled, under the conditions of Art. 20 GDPR, to request that we provide you with the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format.
7.6. Right of revocation
You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected by the revocation of consent. To declare your revocation, an informal notification, e.g., by e-mail to us, is sufficient.
7.7. Right to object
You are entitled to object to the processing of your personal data under the conditions of Art. 21 GDPR, so that we must stop processing your personal data. The right to object only exists within the limits provided for in Art. 21 GDPR. In addition, our interests may prevent us from terminating the processing, so that we are entitled to process your personal data despite your objection. We will take any objection to direct marketing measures into account immediately and without further consideration of the existing interests.
Information about your right to object under Art. 21 GDPR
You have the right to object at any time to the processing of your data on the basis of Art. 6 (1) lit. f GDPR (data processing based on a balancing of interests) or Art. 7 (1) sentence 1 lit. e GDPR (data processing in the public interest) if there are reasons for this arising from your particular situation.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
The objection can be made informally and should be addressed to:
CTI Commerzielle und Technische Informationssysteme GmbH
Eythstrasse 11
04129 Leipzig
E-Mail: info@cti-lean.com
Tel.: +49 (0) 341 223877 60
7.8. Right to lodge a complaint with a supervisory authority
Under the conditions of Art. 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority. In particular, you can lodge a complaint with the supervisory authority responsible for us (Saxon Data Protection and Transparency Commissioner; https://www.datenschutz.sachsen.de/kontakt.html) or another competent supervisory authority. A list of data protection supervisory authorities and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
7.9. Other concerns
If you have any further questions or concerns regarding data protection, please contact our data protection officer using the contact details provided above.
8. Obligation to provide data
In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to make our website available to you without restrictions or respond to your inquiries. Personal data that we do not necessarily require for the above-mentioned processing purposes is marked accordingly as voluntary information.
9. Automated decision-making/profiling
We do not use automated decision-making or profiling (automatic analysis of your personal circumstances).