360 decoro Holding GmbH (FN 404952v) (hereinafter referred to as “we”, “us” or “360 decoro Holding GmbH”) welcomes you on our website and thanks you for your interest in our company and the products and services we offer. We are committed to protect your private data and a careful processing of these.
The processing of private information follows exclusively the legal framework provided by the European Union’s data protection law, especially the General Data Protection Regulation (hereinafter referred to as “GDPR”), and the federal data protection act.
We inform you about how we process personal data and about your rights as a user of our website. The terms used, such as “private data”, “private information” and their “processing”, correspond to the definitions in Art. 4 GDPR.
1. Subject and Bases Of Data Protection
The subject of data and privacy protection are personal data. Personal data are any information that relate to a natural person (the data subject) that can be identified. This regards information such as name, postal address, e-mail address or phone number, but also information that is necessarily required for using our website, such as information about when the user has started and quit using the website, and the IP address.
We process personal data in accordance with the respective data protection regulations. This means that we only process your data with your consent or legal permission, e.g. when processing the data is required to fulfil our contractual agreements (e.g. processing of orders) or when it is required by law or if it is of our legitimate interest as described in Art. 6 Sec. 1, lit. f) GDPR (e.g. our interest in analysis, optimisation and safe operation of our online services).
We have put in place organisational, contractual and technical state-of-the-art safeguards to fulfil data protection regulations and thus protect the data we process against accidental or deliberate manipulation, loss, destruction or access by non-authorised persons.
2. Website and Cookies
It is generally possible to use our website without registration and without providing personal data. Even though you can use our website this way for information purposes, we might automatically collect and process personal data. In the following sections, you find an overview about the type, amount, use and legal basis for data processing on our website.
When accessing our website with your device, we collect and process the following data in server log files:
- IP address
- Access date and time
- Duration of the visit
- Device type
- Used operating system
- The function that you used
- Amount of sent data
- Type of event
- Reference URL
- Domain name
We process these data on the basis our legitimate interests according to Art. 6 Sec. 1 lit. f) GDPR in providing and displaying the website, ensuring technical operation, logging and fixing errors and for security reasons (e.g. to solve cases of misuse or fraud). When opening our website, these data are processed automatically. Without collecting these data, you will not be able to use our website. We do not use this data for identification purposes.
It is not obligatory to accept Cookies for using our website. If you like to opt out from using Cookies, you can prevent your browser from saving Cookies on your device by adapting the settings or by using an alternative opt-out option. Please note that this can lead to a reduced functionality of our website. You can delete stored Cookies anytime in your browser’s system settings.
3. Services That Require Registration
Within our company, access to personal data is restricted to personnel that need this information for the respective stated purposes.
If you contact us via e-mail or a contact form and provide personal data, this happens entirely on a voluntary basis. Your data will be processed to take charge of your contact inquiry and will be processed in accordance with Art. 6, Sec. 1, lit. b) GDPR, and within its limits might be transferred to co-branded sites and third parties. The data can also be stored in our Customer Relationship Management (CRM) system. We will delete the data you have provided as soon as their scope becomes obsolete, and no legal requirement comes to force (e.g. if the further processing of data is required to fulfil an already signed contract). If and as long as legal requirements to store the data are in force, we will delete the data after the respective timeframe.
4. Storage Duration
For the storage duration of personal data, please refer to the description of the respective offer or service. Additionally and if not stated otherwise in the service/offer description, the following generally applies: We only store your personal data for the time required to fulfil the scope of processing or – in case of your consent – as long as you have not withdrawn your consent. In case of a withdrawal of consent we delete your personal data, except when a further processing is not allowed by law. We also delete your personal data when we are required to do so for legal reasons. If and as long as legal requirements to store the data are in force, we will delete the data after the respective timeframe.
To subscribe for our newsletter, you only have to provide your name and e-mail address. We send newsletter only after you have registered for it, i.e. with your consent according to Art. 6, Sec. 1, lit. a) GDPR. If the newsletter contents (i.e. the advertised goods and/or services) are specifically defined, they are representative for the scope of your consent. Our newsletters contain information on our products, offers, deals and/or our company.
Subscription follows a so-called double opt-in procedure, i.e. after your registration, you will receive an e-mail in which you have to confirm your registration. This prevents your e-mail address from misuse. We log newsletter subscriptions to disclose the registration process in accordance with legal requirements and to prevent and solve misuse of your personal data. Logging of the registration process is based on our legitimate interests as stated in Art. 6, Sec.1, lit. f) GDPR for operating a user-friendly and safe newsletter system and to disclose the registration process and consent.
You can revoke your consent to receiving our newsletter at any time, especially be unsubscribing our newsletter. You find an Unsubscribe link to exercise your right at the end of every newsletter. If you have only registered for our newsletter, your personal data will be deleted in case you unsubscribe from our newsletter.
6. Tools and Applications
Our website does not solely serve information purposes, but we also provide various services and function that you can use if you are interested. To do so, you generally have to provide further personal data that we need to offer the respective services and functions. This is described in the following paragraphs.
For using the following functions on our website, a registration with an individual profile/setup of a user-account is required: Licence overview, Support management, Downloads
For the registration, these fields are mandatory and marked with *:
your inquiry, when there is a legal permission to do so or when we have your consent to do so.
External recipients can be co-branded companies or external service providers which we use as data processors for our service delivery, for example regarding technical infrastructure and maintenance of our website. These data processors are selected carefully and are evaluated on a regular basis. They are only allowed to use the data for the defined purpose and at our command.
It can further happen that we have to transfer personal data for legally binding reasons to authorities and governmental institutions such as public prosecution departments, courts or financial authorities. This transfer is in accordance with Art. 6, Sec. 1, lit. c) GDPR.
We can further transmit your personal data to third parties when we offer deals, prize games, mutual contracts or other services together with partners or service providers (e.g. transportation service providers). In this case, disclosure of data is based on consent, for the performance of a contract with you or for the purposes of our legitimate interests as stated in Art. 6, Sec. 1 lit. a), b) and/or f) GDPR. You receive further information when stating your personal data associated with the respective processing.
a. Google Analytics
Google processes the transferred information on our behalf in order to analyse the use of our online services by the users, to create reports about activities in online services and to provide services associated with the web site. Based on the processed data, pseudonymous user profiles might be created.
We use Google Analytics only with activated IP anonymisation. This means that the user’s IP address will be shortened by Google for users within the member states of the European Union or within other states that have signed the agreement concerning the European Economic Area. Only in exceptional cases, the full IP address will be transferred to a Google Server in the USA and will be shortened there. The IP address transferred by your browser will not be merged with other Google data. By adapting your browser settings, you can prevent your browser from saving Cookies. You can also prevent that data that are created by the Cookie and that are associated with your use of the website will be sent to Google, and you can prevent that Google processes these data by downloading and installing the browser plugin that is available with this link:
For further information on how Google uses data, setting options and opt-out options, please visit Google’s websites, for example provided at this link: https://policies.google.com/privacy?hl=en&gl=en.
b. Google Adwords
c. Google Remarketing
d. DoubleClick by Google
e. Google Maps
We also use Google Maps (API) on our website, another service from Google LLC. Google Maps is a web service with interactive maps, with which geographical information can be visualised.
Data about your usage of our website, especially your IP address, will be transferred to a Google Server in the USA and stored there as soon as you open a sub-page on which a Google Maps map is embedded. This is independent from whether you have a Google user account, are logged in to it or don’t have an account at all. If you are logged in to Google, your data might be directly linked to your existing account.
Data processing is based on our legitimate interest according to Art 6 Sec. 1 lit. f) GDPR, more precisely our interest in analysing, optimising and economically operating our online services. Google is certified with the Privacy Shield framework and thus guarantees to comply with European data protection law. Detailed information about privacy regarding the use of Google Maps can be found on Google’s web page:
Websites and services of other providers that are linked on our website are provided by the respective service provider. We do not have any influence on the design, content and functions of third-party services. We explicitly distance ourselves from any content of linked offers by third parties. Please note that third-party services that are linked on our website might install their own Cookies on your device and/or collect personal data. We do not have any influence on that. Please contact the providers of linked third-party services directly to receive information on their Privacy/Cookie policies.
g. Social Media Plugins
We have embedded these social media plugins on our website: Google+. You can recognise the plugin provider by the initials or the logo in the respective icons or buttons. We use a so-called two-click solution here, i.e. when you visit our website, no personal data will be transferred to the plugin provider at first. Only when you click on the highlighted icon and thus activate it, the plugin provider receives the information that you have opened the respective website of our online services.
The plugin’s content will then be transferred from the respective provider directly to your device. In turn, personal data such as your IP address will be transferred from your device directly to the plugin provider. By activating the plugin, your personal data will be transferred to the respective plugin provider and stored there (for US-American providers in the USA). The IP address might be shortened by the providers before transferring it. We do not have any influence on the collected data and data processing, and we do not know about the volume of data logging, the purpose of data processing and saving times. We also do not have any information on how the plugin provider will delete the collected data.
The plugin provider stores the data collected from you as usage profiles and uses these for advertising, market research and/or customising his website. This evaluation is mainly used to feature customised advertising and to inform other users of the social network about your activities on our website. You can opt-out from generating these usage profiles. To do so, please contact the respective plugin provider. With these plugins, we allow you to interact with social networks and their users so that we can improve our services and make them more interesting for you as a user. The data processing is based on our legitimate interest according to Art 6 Sec. 1 lit. f) GDPR, more precisely our interest in analysing, optimising and improving our website, especially to allow or facilitate sharing parts of our websites on social networks.
Data will be transferred independently from whether you own an account with the plugin provider and are logged in there or not. If you are logged in at the plugin provider, your data will be directly linked to your existing account with the plugin provider. If you use the activated button and link the site, for example, the plugin provider stores this information in your user account and can share it publicly with your contacts.
Google LLC, 1600 Amphitheater Parkway, Mountainview, California 94043, USA:
(Google agreed to the EU-US-Privacy Shield)
A registration is not possible without providing these mandatory data. As part of your registration, you can provide further details on a voluntary basis, such as first name, last name, address 1, address 2, ZIP code, city, telephone, mobile phone, website. Please note that this information is not obligatory for a registration. It is upon you to decide whether you want to provide these data or not. Registration follows a so-called double opt-in procedure, i.e. after your registration, you will receive an e-mail in which you have to confirm your registration. This prevents your e-mail address from misuse.
Data provided for the registration will be processed based on Art. 6 Sec. 1 lit. b) GDPR to create your profile, to recognise you for every login and to provide the services that are only accessible in the part of our website that requires registration. We delete these data as soon as their purpose becomes obsolete, especially when you delete your user account for our website.
7. Data Processing
We only pass on your personal data to third parties when this is absolutely necessary for handling customising their services.
If data is transferred to organisations whose location or location of data processing is not in a member state of the European Union or a member state of the European Economic Area, we ensure prior to transferring your information that – with the exception of legally allowed exceptional cases – the recipient features an adequate data protection level (e.g. through a certificate of adequacy issued by the European Commission, by adequate guarantees or by the recipient’s self-certification for EU-US Privacy Shield or an agreement of standard contractual clauses of the European Union with the recipient) or that you have given your consent to transfer the data.
We use numerous technical and organizational security measures to protect your data against manipulation, loss, destruction and access by third parties. Our security measures are constantly being improved according to the technological development on the Internet.
9. Rights Of The Data Subject
As a data subject, i.e. a person concerned by data protection, you have several rights. These are:
- Right of information: (Art. 15 EU-GDPR) You have the right to receive information about the data that we have stored about you.
- Right of correction and deletion: (Art. 16 and Art. 17 EU-GDPR) You can demand to correct false data or to delete your data.
- Restriction of processing: (Art. 18 EU-GDPR) You can demand that we restrict the processing of your data.
- Data portability: (Art. 20 EU-GDPR) If you have provided your data based on a contract or consent, you can demand that you receive the provided data in a structured, common and machine-readable format or that we transmit these data to a different person in charge.
- Objection to data processing on legal basis “legitimate interests”: (Art. 21 EU-GDPR) You have the right to object at any time to our processing of your data, if this is based on the legal basis of “legitimate interests” for reasons that are associated with your special situation. If you use your right to objection, we will discontinue the processing of your data, unless we can provide for reasons compulsory worthy for protection that preponderate your rights.
- Opt-Out: If you have given us your consent to process your data, you can opt-out of this for the future at any time. The lawful processing of your data until the time of your opt-out remains unaffected by this.
- Right of complaint at the supervisory authority: You can also issue a complaint at the responsible supervisory authority if you think that the processing of your data is in violation of current laws. Please contact the data protection authority responsible for your location/your country or the data protection authority that is responsible for our company.
The rights described above are granted to you under the provision that the applicable legal requirements are fulfilled, even if this is not explicitly expressed in the description above.
10. Contact Information
If you have any questions to the processing of your personal data, to your rights as a data subject and a possible consent, you can contact us free of charge.
Contact-Information of responsible person in our company:
Please send requests to Denise Lang, firstname.lastname@example.org
Please make sure that a clear identification of you as a person is possible.
Effective Version: January 2019