Privacy Notice

Privacy Policy

1. Information on the Collection of Personal Data and Contact Details of the Data Controller
2. Data Collection When Visiting Our Website
3. Contacting Us
4. Cookies
5. Data Processing for Order Fulfillment
6. Data Processing When Opening a Customer Account and for Contract Fulfillment
7. Tools and Other Information
8. Rights of the Data Subject
9. Duration of Storage of Personal Data

1. Information on the Collection of Personal Data and Contact Details of the Data Controller

1.1. Thank you for visiting our website. Below, we would like to inform you about how we handle your personal data when you use our website. Personal data is any data that can be used to personally identify you.

1.2. The controller responsible for processing data on our website within the meaning of the General Data Protection Regulation (GDPR) is:

Alexander Stoll
Im Feldle 15
73230 Kirchheim
Germany
Tel.: +49 173 8783736
Email: info@stoll-walnussprodukte.de

1.3. To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g., SSL or TLS) via HTTPS.

2. Data Collection When You Visit Our Website

Each time you access our website, our system automatically collects data and information that your browser transmits to our server (so-called "server log files"). The following data, which is technically necessary for us to process your data, is collected:

Website you visited
Date and time of access
Amount of data sent in bytes
Source/referrer from which you accessed the site
Operating system used
Browser used
IP address used (possibly anonymized)

The legal basis for this processing is Article 6(1)(f) GDPR, based on our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used for any other purpose. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

We reserve the right to review the server log files subsequently should there be concrete indications of unlawful use. The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collection for the provision of the website, this occurs when the respective session ends.

In the case of data storage in log files, this occurs after a maximum of seven days. Storage beyond this period is possible. In this case, the users' IP addresses are deleted or anonymized so that it is no longer possible to identify the requesting client. The collection of data for the provision of the website and the storage of data in log files are essential for the operation of the website. Consequently, users have no right to object.

3. Contacting Us

If you contact us via the contact form, the data entered in the input fields will be transmitted to us and stored. The data collected can be found in the respective input fields. When contacting us by email, only the data you enter there will be transmitted to us.

The data will be used exclusively for processing the conversation and your request. The legal basis for processing the data, if the user has given consent, is Article 6 Paragraph 1 Letter a) GDPR. The legal basis for processing data transmitted via email is Article 6(1)(f) GDPR. If the email contact aims at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected, provided there are no legal retention obligations to the contrary. For personal data from the contact form and those transmitted by email, this is the case when the respective conversation with the user has ended. A conversation is considered ended when it is clear from the circumstances that the matter in question has been resolved. The user has the right to withdraw their consent to the processing of their personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

4. Cookies

Our website uses cookies.

Cookies are text files that are stored on the user's device. When a user visits a website, a cookie can be stored on the user's operating system. Some functions of our website cannot be offered without the use of cookies. This requires that the browser is recognized even after a page change. The user data collected by technically necessary cookies is not used to create user profiles. Our legitimate interest in processing personal data pursuant to Art. 6 para. 1 lit. f) GDPR lies in the aforementioned purposes.

In addition, our website may use cookies that enable analysis of users' browsing behavior (so-called third-party cookies). You can find more detailed information on the scope, purpose, legal basis, and options for objecting in the respective sections of this privacy policy.

As a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate, restrict, or delete the transmission of cookies. If you disable cookies for our website, you may not be able to use all of its features. You can prevent the transmission of Flash cookies by changing the settings of your Flash Player.
...`` If you disable cookies for our website, you may not be able to use all of the features of our website. For help with cookie settings, please refer to your browser's help menu or the following links:

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Some of the cookies used here are deleted after you close your browser (session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). When cookies are set, they collect and process certain user information, such as browser and location data, as well as IP addresses, to varying degrees. Persistent cookies are automatically deleted after a predetermined period, which can vary depending on the cookie.

5. Data Processing for Order Fulfillment

5.1. If you wish to place an order in our online shop, you must provide your personal data, which we require to process your order. We process the data you provide to fulfill your order.

In some cases, we work with external service providers to process your order. For this purpose, we must share the necessary personal data with them.

If we commission transport companies to deliver your goods, we will share your data required for delivery with the respective transport company. For payment processing, we will share your data with the commissioned bank as necessary. If we use payment service providers, you will also be informed about this below.

The legal basis for sharing your data is Article 6(1)(b) GDPR.

5.2. Use of Payment Service Providers

5.3. bancontact

When paying via "bancontact" through the PayPal Checkout, payment processing is handled by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal").

Further information on the PayPal Checkout can be found in the corresponding section below.

5.4. blik

When paying via "blik" through the PayPal Checkout, payment processing is handled by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal").

Further information on the PayPal Checkout can be found in the corresponding section below.

5.5. mybank

When paying via "mybank" through PayPal Checkout, payment processing is handled by the payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal").

Further information about PayPal Checkout can be found in the corresponding section below.

- PayPal

When you select PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" via PayPal as your payment method, payment processing is handled by PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").

We transfer your personal data to PayPal in accordance with Article 6(1)(b) GDPR to the extent necessary. PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" via PayPal.

For this purpose, your payment data may be transferred to credit agencies in accordance with Article 6(1)(f) GDPR based on PayPal's legitimate interest in assessing your creditworthiness. PayPal uses the result of the credit check, specifically the statistical probability of payment default, to decide whether to offer the respective payment method.

The credit report may contain probability values (so-called score values). If score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical method. Address data is among the information used to calculate the score values, but is not the only factor.

What other data PayPal collects is detailed in PayPal's privacy policy, which can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by contacting PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for processing payments in accordance with the contract.

5.6. PayPal Checkout

We use PayPal Checkout on this website (PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal")).

PayPal Checkout is an online payment solution from PayPal that supports both PayPal payment methods and local payment methods from third-party providers.

If you select the payment methods PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal (where offered), we will forward your necessary payment data to PayPal for the purpose of payment processing. This transfer is permitted in accordance with Art. 6 Para. 1 lit. b GDPR.

For the payment methods credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, PayPal may forward your necessary payment data to credit agencies. This processing is based on Art. 6 Para. 1 lit. Pursuant to Article 6(1)(f) GDPR, PayPal has a legitimate interest in verifying your creditworthiness. You can object to this processing of your data at any time by contacting PayPal. However, further processing of your personal data by PayPal may still be legitimate if necessary for the contractual processing of your payment.

If you select the PayPal invoice payment method, we will initially transmit your payment data to PayPal in accordance with Article 6(1)(b) GDPR. PayPal will then forward your data to Ratepay GmbH, Ritterstr. 12-14, 10969 Berlin, for the purpose of processing your payment. RatePay will then conduct an identity and credit check on its own behalf. The legal basis for this is Article 6(1)(f) GDPR, the legitimate interest in verifying creditworthiness. For this purpose, RatePay will transmit your payment data to credit agencies in accordance with Article 6(1)(f) GDPR.

Ratepay may access the following credit agencies: https://www.ratepay.com/legal-payment-creditagencies/

If you choose a local third-party payment method, we will first forward your payment data to PayPal in accordance with Art. 6 Para. 1 lit. b GDPR. PayPal will then forward your payment data to your selected provider for processing the payment (Art. 6 Para. 1 lit. b GDPR):

- iDeal (Currence Holding BV, Beethovenstraat 300 Amsterdam, Netherlands)
- giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany)
- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- bancontact (Bancontact Payconiq Company, Rue d'Arlon 82, 1040 Brussels, Belgium)
- eps (PSA Payment Services Austria GmbH, Handelskai 92, Gate 2, 1200 Vienna, Austria)
- blik (Polski Standard) Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznań, Poland)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)

Further information can be found in PayPal's privacy policy:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full

- When paying via "Pay Now," payment processing is handled by Klarna BANK AB (publ) (https://www.klarna.com/de, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter "Klarna")).

We will forward your personal data (first and last name, street, house number, postal code, city, gender, email address, telephone number, and IP address) as well as data related to the order (e.g., invoice amount, items, shipping method) to Klarna for the purpose of identity and credit checks if you have expressly consented to this transfer in accordance with Art. 6 Para. 1 lit. a GDPR. Klarna may transfer your data to one of the following: Credit rating agency disclosure: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies.

The credit report may contain probability values (so-called score values). If score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical method. Address data is among the data used to calculate the score values, but is not the only factor. You can withdraw your consent at any time by contacting the data controller or Klarna. However, Klarna may still process your personal data if this is necessary for processing payments in accordance with the contract. For individuals residing in Germany, the following Klarna data protection provisions apply: https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf For individuals residing in Austria, the following Klarna data protection provisions apply: https://cdn.klarna.com/1.0/shared/content/policy/data/de_at/data_protection.pdf

6. Data Processing When Opening a Customer Account and for Contract Processing

When you open a customer account with us, personal data is collected and processed in accordance with Article 6 Paragraph 1 Letter b GDPR. The scope of the data is evident from the input form. The data you enter will be stored and used by us for contract processing.

You can delete your customer account at any time. This can be done by sending a message to the data controller's address or, if offered, directly in your customer account. In this case, we will also restrict your data in accordance with tax and commercial law retention periods and delete it after these periods have expired. This can only be overridden by your consent to permanent storage or by further data processing permitted by law on our part.

7. Tools and Other Services

Google reCAPTCHA

We use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") pursuant to Art. 6 para. 1 lit. f GDPR based on our legitimate interest in preventing misuse and spam.

reCAPTCHA is a function designed to ensure that input is made by a natural person.

The service sends your IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google.

When using Google reCAPTCHA, your personal data may also be transferred to the servers of Google LLC in the USA.

Google LLC, based in the USA, is certified under the EU-U.S. Data Privacy Framework, which ensures compliance with the level of data protection applicable in the EU. You can find further information about Google's privacy policy at the following web address:

http://www.google.de/policies/privacy/

Further information on Google's privacy policy can be found here:

https://business.safety.google/privacy/

8. Rights of the Data Subject

8.1. Applicable data protection law grants you comprehensive rights as a data subject (rights of access and intervention) with regard to the processing of your personal data by the controller, which we inform you about below:

- Right of access pursuant to Article 15 GDPR:

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed. Furthermore, you have the right to information about the purpose, the categories of personal data, the recipients, the planned duration of storage and the existence of further rights such as rectification of the data or the existence of a right to lodge a complaint with a supervisory authority, the origin of your data if it was not collected by us, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved and the significance and the envisaged consequences of such processing for you, as well as your right to be informed of the safeguards pursuant to Article 46 GDPR when your data is transferred to third countries;
- Right to rectification pursuant to Article 16 GDPR:

You have the right to the immediate rectification of inaccurate personal data concerning you and/or the completion of incomplete personal data stored by us; the rectification or completion must be carried out without undue delay.

- Right to restriction of processing pursuant to Article 18 GDPR:

You have the right to request the restriction of processing of your personal data while the accuracy of your data is being contested by you, if you object to the erasure of your data due to unlawful processing and request the restriction of processing of your data instead, if you require your data for the establishment, exercise, or defense of legal claims after we no longer need this data for the purposes for which it was collected, or if you have objected to processing on grounds relating to your particular situation, pending the verification of whether our legitimate grounds override yours.

You have the right to request the restriction of processing of your personal data while the accuracy of your data is contested by you, if you object to the processing due to unlawful processing and request the restriction of processing of your data instead, if you require your data for the establishment, exercise, or defense of legal claims after we no longer need this data for the purposes for which it was collected, or if you have objected to processing on grounds relating to your particular situation, pending the verification of whether our legitimate grounds override yours. If the processing of your personal data has been restricted, this data—apart from being stored—may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been lifted, you will be informed by the controller before the restriction is lifted.

- Right to erasure pursuant to Article 17 GDPR:

You have the right to the immediate erasure of your personal data if the conditions of Article 17(1) GDPR are met. This right to erasure does not apply, however, in particular—but not exclusively—if processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

- Right to be informed pursuant to Article 19 GDPR:

If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obligated to communicate this rectification, erasure, or restriction of processing to each recipient to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You also have the right to be informed about these recipients.

- Right to data portability pursuant to Article 20 GDPR:

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, where technically feasible.

- Right to object pursuant to Article 7(3) GDPR:

You have the right to object at any time to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

You also have the right to withdraw your consent to data processing at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

- Right to lodge a complaint pursuant to Article 77 GDPR:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

8.2. Right to Object

You have the right to object to the processing of your data at any time with effect for the future if we process your data based on our overriding legitimate interest after a balancing of interests.

If you exercise this right to object, we will cease processing your data unless there are demonstrably overriding legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defense of legal claims.

9. Duration of Storage of Personal Data

The duration of storage of personal data depends on the respective statutory retention periods. After these periods expire, we routinely delete the data if it is no longer required for the performance or initiation of a contract and/or we no longer have a legitimate interest in its continued storage.