The protection of your privacy when using our website is particularly important to us. In the following, we therefore inform you about the collection of anonymous and personal data.
Provider / responsible person in terms of data protection
This website is a service of
hoco online gmbh
House E, 1st floor
Managing director: Daniel Bohne, Sven Mack
Phone: +49 30 9599811-30
Fax: +49 30 9599811-40
registered in the commercial register of the district court Charlottenburg
under HRB 175642B
Data protection officer
ecolaw.de Society for Data Security & Data Protection mbH
represented by the managing director, Mr. Florian König
Roseggerstrasse 1, 38440 Wolfsburg, Germany
Phone +49 5361 2729-293
Fax +49 5361 2729-296
Data protection (a) ecolaw.de
registered in the commercial register of the district court of Braunschweig under HRB 203444
Competent supervisory authority
The Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin, Tel.: +49 30 13889-0, Fax: +49 30 2155050, E-Mail: firstname.lastname@example.org
Your personal data (e.g. title, name, address, e-mail address, telephone number, bank details, credit card number) will be processed in compliance with the relevant statutory data protection provisions, in particular REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27. April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (the General Data Protection Regulation - DSGVO), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG) and other data-related laws [e.g. the German Telemedia Act (Telemediengesetz - TMG)] are stored and processed by us.
According to the DSGVO and other regulations, data processing and use is only permitted if the DSGVO or another legal regulation expressly permits it or if the data subject consents (prohibition with reservation of permission). According to these legal bases, data processing and use is only permitted in particular if.
a) the data subject has given his/her consent to the processing of personal data relating to him/her for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures carried out at the data subject's request;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) processing is necessary in order to protect the vital interests of the data subject or another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
Accordingly, we use and process your personal data only within the permissible scope of contract performance or if you have given informed consent.
As a matter of principle, we do not pass on your personal data, including your address and e-mail address, to third parties. Exceptions to this are our service partners who require the transmission of data for the processing of the contractual relationship or if we have expressly indicated this. In these cases, however, the scope of the transmitted data is always limited to the minimum required.
Anonymous data collection
In principle, you can visit our website without telling us who you are. We only learn the name of your Internet service provider, the website from which you are visiting us, and the pages of our website that you visit. This information is only evaluated for statistical purposes. As an individual user, you will always remain anonymous. Naturally, we will not combine this information with your personal data unless you have expressly consented to this or one of the cases listed below applies.
Collection of personal data when visiting our website and using our services in general
Personal data is only collected by us if you provide it voluntarily and of your own accord. This may be the case, for example, when placing an order or executing a contract, a survey or when registering for services that require you to provide personal data (e.g. for orders, special promotions, competitions, newsletter distribution, etc.). In such cases, we generally only collect the data that we are legally authorized to collect and that is absolutely necessary for the fulfillment of the services requested by you (for example, in the case of ordering processes, this would generally be your name, address, telephone number and e-mail address; in the case of newsletter registration, for example, only your e-mail address). If we collect personal data from you (for example, via a contact or order form), then you must always provide only the required data. The mandatory data fields are marked with an asterisk. All additional data provided by you is purely voluntary and does not have to be disclosed by you. If you nevertheless provide this data, then by disclosing it you give us your consent that we may also store and process this data of yours for the purpose stated in each case; in some cases we also request your express consent for purposes under data protection law that require express consent, which you can of course give voluntarily, is not tied to any further requirements and can be revoked at any time for the future.
For the highest possible security of your data, they are transmitted by SSL encryption in encrypted form. This is to prevent misuse of the data by third parties. Your data will only be stored and processed by us on servers within the European Union. A transfer to third countries does not take place, unless we are entitled and/or obligated to do so due to a legal regulation or you have expressly consented to this beforehand. However, these cases are then also clearly marked in each case.
Data processing for contract fulfillment
Purpose of processing
Within the scope of our ordering process, for example, you provide us with your personal data. The mandatory data marked with an "asterisk" in this context is personal data that is required for the conclusion of a contract with us. Of course, you are not obliged to provide your personal data. However, without your communication of the required data (in the case of an order, for example, your address), we can not provide the service requested by you (eg the contract filling). In the case of some payment procedures, we require the necessary payment data in order to pass them on to a payment service provider commissioned by us. The processing of your data entered in the ordering process is therefore always for the purpose of fulfilling the contract.
The legal basis for this processing is Art. 6 para. 1 b) DSGVO.
Payment service providers, shipping service providers, possibly merchandise management system, possibly suppliers (dropshipping).
We store the data required for contract processing until the expiry of the statutory warranty and, if applicable, contractual guarantee periods.
We store the data required by commercial and tax law for the periods specified by law, regularly ten years (cf. § 257 HGB, § 147 AO).
E-mail addresses that we receive solely for the purpose of sending newsletters are deleted immediately as soon as you unsubscribe from the newsletter.
Data protection consent
With your registration for our service newsletter registration, customer account registration and orders you agree that
- we may use your personal data, namely
title, first name, last name, address, country, email
as well as
- IP address
- Location (geographical characteristics)
are collected and processed for the following purposes:
- Orders and order processing
- shipping notifications
- Newsletter (marketing purposes)
Google's basic privacy statements for the Analytics analysis service can be found here https://www.google.com/analytics/learn/privacy.html?hl=de
Google Analytics advertising functions
We use the advertising functions of Google Analytics. Here, in addition to the data collected by the standard implementation of Google Analytics, Google Analytics collects further data on accesses via Google cookies for ad specifications and anonymous identifiers. This includes, in particular, the following functions:
- We use the following Google Analytics advertising features:
- Remarketing with Googleanalytics
- Advertising reporting functions
- We use the Google Analytics cookies or the Google Analytics cookies for advertising purposes as follows:
- For targeting advertising preferences.
- You can disable the Google Analytics advertising features we use as follows:
Integration of the Trusted Shops trust badge
In order to display our Trusted Shops seal of approval and any ratings collected, as well as to offer Trusted Shops products to buyers after an order, the Trusted Shops Trustbadge is integrated on this website.
This serves to protect our legitimate interests in an optimal marketing of our offer, which prevail in the context of a balancing of interests according to Art. 6 para. 1 p. 1 lit. f DSGVO. The Trustbadge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
When the Trustbadge is called up, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and documents the call-up. This access data is not evaluated and is automatically overwritten no later than seven days after the end of your visit to the site.
Further personal data is only transferred to Trusted Shops if you have consented to this, have decided to use Trusted Shops products after completing an order, or have already registered to use them. In this case, the contractual agreement between you and Trusted Shops applies.
Google Tag Manager
To recognize your user behavior, we use so-called Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.
You can find more detailed information here:https://www.google.com/intl/de/tagmanager/faq.html
Adwords conversion pixel
To recognize your user behavior, we use so-called Adwords conversion pixels. Conversion tracking is a free tool that allows us to record what happens after a user clicks on our ad. This could be, for example, buying a product, signing up for a newsletter, calling your company or downloading your app. Here, your IP address may be transmitted to the respective service. You can get more detailed information here: https://support.google.com/adwords/answer/1722022?hl=de&ref_topic=3119146
Facebook conversion pixel
To recognize your user behavior, we use so-called "visitor action pixels". Conversion measurement allows us to track across devices (including cell phones, tablets and desktop computers) what actions people take after seeing our Facebook ads. By creating a Facebook pixel and adding it to our pages where conversions are made (e.g., the purchase confirmation page), we can determine which people make conversions based on our Facebook ads. The pixel further monitors the actions that people take after clicking on our ads. Here, we can determine on which device our customers saw the ad and on which devices they ultimately made the conversion.
CONSENT to conversion measurement with Facebook's visitor action pixel.
Use of Facebook and Google+ plugins
So-called social plugins ("plugins") of the social networks Facebook and Google+ are used on our website. These services are offered by the companies Facebook Inc. and Google Inc.
("providers").Facebook is operated by Facebook Inc.,1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook").
Google+ is operated by Google Inc., 1600 Amphitheatre Parkway,
Mountain View, CA 94043, USA ("Google").
An overview of the plugins and their appearance can be found
here: http://developers.facebook.com/plugins or https://developers.google.com/+/plugins.
If you do not want Google or Facebook to assign the data collected via our website directly to your profile in the respective social network, you must register with the relevant network before visiting our website.
log out of the corresponding network before visiting our website.
You can also completely prevent the loading of the plugins with add - ons for your browser, e.g. with the script blocker "NoScript"(http://noscript.net/).
Web Analysis Tool
On this website, data is collected and stored by Piwik , a web analysis service of the provider Adnymics, from which usage profiles are created using pseudonyms. These usage profiles are used to analyze visitor behavior and are evaluated in order to improve and tailor our offer. Cookies may be used for this purpose. These are small text files that are stored locally on the computer of the site visitor and thus enable recognition when visiting our website again. The pseudonymized usage profiles are not combined with personal data about the bearer of the pseudonym without the express consent of the person concerned, which must be given separately. You can object to the collection and storage of data for the purpose of web analysis at any time with future effect by sending an e-mail to email@example.com.
Integration of third-party services and content
It may happen that third-party content, such as videos from YouTube, maps from Google Maps, RSS feeds or graphics from other websites are integrated within this online offer. This always requires that the providers of this content (hereinafter referred to as "third-party providers") perceive the IP address of the user. Without the IP address, they could not send the content to the browser of the respective user. The IP address is thus necessary for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. However, we have no influence if the third-party providers store the IP address, e.g. for statistical purposes. Insofar as this is known to us, we will inform users of this.
Revocation of your consent
If you have given us your consent under data protection law for certain data uses and/or services, you can of course revoke this consent at any time with effect for the future. To do so, simply send a message to the address given below:
hoco online gmbh
House E, 1st floor
Phone: +49 30 9599811-30
Fax: +49 30 9599811-40
Your rights as a data subject
As a data subject, you have various rights with regard to your personal data. We have taken appropriate measures here as the controller to provide you as a data subject with all information pursuant to Articles 13 and 14 of the GDPR and all notices pursuant to Articles 15 to 22 and Article 34 of the GDPR that relate to the processing in a precise, transparent, comprehensible and easily accessible form in clear and simple language; this applies in particular to information specifically directed at children. The information shall be provided in writing or in another form, including electronically where appropriate. If requested by you, the information may also be provided orally, provided that your identity as a data subject has been proven in another form.
Among other things, you are of course entitled at any time to request information in writing or electronically about the data stored about you and its origin, the recipient(s) to whom the data is disclosed and the purpose for which it is stored. In addition, you have the right to demand that incorrect data be corrected and, if the legal requirements for this are met, that your data be deleted or blocked. For this purpose, a simple message to the address given below is sufficient:
hoco online gmbh
House E, 1st floor
Phone: +49 30 9599811-30
Fax: +49 30 9599811-40
In detail, you have the following rights mentioned:
Right to confirmation and information
You can request confirmation from us as to whether personal data concerning you is being processed by us.
If we process data from you, you can request information from us about the following:
a.) the purposes for which the personal data are processed;
b.) the categories of personal data which are processed;
c.) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
d.) the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage period;
e.) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by us or a right to object to such processing;
f.) the existence of a right of appeal to a supervisory authority;
g.) any available information about the origin of the data, if the personal data are not collected from the data subject;
h.) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
Furthermore, you have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.
Right to rectification
You have a right to rectification and/or completion vis-à-vis us, insofar as the processed personal data concerning you are inaccurate or incomplete. We must, of course, carry out the rectification without delay.
Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
a.) if you dispute the accuracy of the personal data concerning you for a period of time that allows us to verify the accuracy of the personal data;
b.) if the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
c.) if we no longer need the personal data for the purposes of processing, but you need it for the assertion, exercise or defense of legal claims; or
d.) if you have objected to the processing pursuant to Article 21 (1) DSGVO and it has not yet been determined whether the legitimate grounds to which we are entitled override your grounds.
If the processing of personal data relating to you has been restricted, this data may - apart from being stored - only be processed by us or by authorized third parties with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, we will inform you before the restriction is lifted.
Right to erasure
a.) Obligation to erasure
You may request that we delete the personal data concerning you without undue delay, and we are obliged to delete such data without undue delay, if one of the following reasons applies:
aa.) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
bb.) You revoke your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a DSGVO and there is no other legal basis for the processing.
cc.) You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO.
dd.) The personal data concerning you has been processed unlawfully.
ee.) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
ff.) The personal data concerning you has been collected in relation to information society services offered in accordance with Art. 8(1) DSGVO.
b.) Information to third parties
If we have made the personal data concerning you public and we are obliged to erase it pursuant to Art. 17(1) DSGVO, we shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform the data controllers processing the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.
The right to erasure does not exist to the extent that the processing is necessary
aa.) for the exercise of the right to freedom of expression and information;
bb.) for compliance with a legal obligation which requires processing under Union or Member State law to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
cc.) for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) DSGVO;
dd.) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
ee.) for the assertion, exercise or defense of legal claims.
Right to information
If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right against us to be informed about these recipients.
Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance, provided that
a.) the processing is based on consent pursuant to Art. 6 (1) a DSGVO or Art. 9 (2) a DSGVO or on a contract pursuant to Art. 6 (1) b DSGVO and
b.) the processing is carried out with the help of automated procedures.
In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from us to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.
We will then no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures using technical specifications.
Right to revoke your declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
a.) is necessary for the conclusion or performance of a contract between you and us,
b.) is permissible on the basis of legal provisions of the Union or the Member States to which we are subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests, or
c.) is made with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases mentioned in a.) and c.), we take appropriate measures to protect the rights and freedoms as well as your legitimate interests.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
If you have separately subscribed to the newsletter, your e-mail address will be used for our own advertising purposes until you unsubscribe from the newsletter. You can unsubscribe at any time without incurring any costs other than the transmission costs according to the prime rates of your access provider. You can unsubscribe directly from the newsletter at any time by sending an e-mail to firstname.lastname@example.org.
If you have any further questions or suggestions on the subject of "data protection" with us, or if you would like information about your data or would like it corrected or deleted, please write by e-mail or letter to:
hoco online gmbh
House E, 1st floor
Phone: +49 30 9599811-30
Fax: +49 30 9599811-40
Berlin, May 2018
Advertising by e-mail in accordance with Section 7 (3) of the German Unfair Competition Act (UWG)
Within the scope of the legal permission pursuant to Section 7 (3) of the German Unfair Competition Act (UWG), we are entitled to use the e-mail address you provided when purchasing a service for which a fee is charged for direct advertising for our own similar products or services. If you no longer wish to receive advertising for similar products or services, you can object to the corresponding use of your e-mail address at any time without incurring any costs other than the transmission costs according to the basic rates. To do so, you can unsubscribe from product recommendations by clicking on the unsubscribe link contained in each mailing or by sending an e-mail to email@example.com.
Use of hotjar
This website uses hotjar, a web analytics tool. It is used to anonymously record interactions of randomly selected individual visitors with the website. This results in a log of, for example, mouse movements and clicks with the aim of identifying potential improvements to the respective website. This is also our legitimate interest in processing the data.
The following personal data is processed but not stored: The IP address of the user's calling system.
Hotjar also collects non-personal data such as information on the operating system, browser, links clicked on, geographical origin, as well as resolution and type of device when using this website. These are stored in a non-personal form and evaluated for statistical purposes. Deletion takes place as soon as the data is no longer required for our evaluation purposes.
Use of FAST
1. General scope and description of data processing
We use FAST to correctly assign the success of an advertising medium. The data is automatically deleted after 90 days. No profiling takes place. FAST uses a unique key that third parties cannot assign and thus users are not traceable. Personalized advertising is not possible with FAST.
FAST establishes a connection between a click on an advertising medium, e.g. an advertisement, and an action, e.g. a purchase or a registration.
The information transmitted to us is used solely for the purpose of correctly assigning the success of an advertising medium and the corresponding billing.
FAST does not store cookies or cookie-like data on your terminal device.
When generating the device fingerprint, only non-personal parameters are merged (browser settings, time zone, CPU class, color depth, browser language, etc.).
2. scope and description of the processing of data when using Google Ads / Microsoft Ads.
In the case of a promotion, the order number and the shopping cart value of the order are usually also transmitted and stored by us for 90 days. Personal data such as name, telephone number or address are explicitly not collected or stored.
In addition, the following values may be transmitted:
- ID (consecutive number)
- time of purchase
- Conversion name (store order or lead)
The processing of the Device Fingerprint takes place on the server of the respective customer. In case of integration via Google Tag Manager, the device fingerprint is processed via the Smarketer Host-Europe server in Strasbourg.
Through high security standards, such as an HTTPS connection, the sending of the conversion data takes place on our HOST-Europe server located in Strasbourg. The transfer of the export file and the processing of the data (ClickID, conversion name, timestamp, order value, currency) is done according to Google Ads / Microsoft Ads on an American server.
The software is set so that no profiling takes place.
3. legal basis for the processing of personal data
The legal basis for the processing of the user's data is Art. 6 para. 1 lit. f DSGVO.
4. purposes of processing
The information transmitted to us serves the sole purpose of a correct allocation of the success of an advertising medium and the corresponding billing and is justified with our legitimate interests according to Art. 6 para. 1 p. 1 lit. f DSGVO.