Privacy policy for the Lidl spare part shop of HOYER-Handel GmbH

1.  Information about the collection of personal data

1.1.  In the following we advise you about the collection of personal data when using our Lidl spare part shop website. Personal data means any data that relates to you personally, such as name, address, email addresses, user behaviour.

1.2.  The Controller under art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is

 

HOYER Handel GmbH, Tasköprüstraße 3, 22761 Hamburg

Tel.: 00800 4212 4212

Email: service-gb@hoyerhandel.com

Website: http://shop.monsieur-cuisine.com/

 

1.3.  You can contact our Data Protection Officer at Datenschutz@hoyerhandel.com or our postal address with the addition “Der Datenschutzbeauftragte” (The Data Protection Officer).

1.4.  If we involve any external service providers commissioned by us for individual functions of our services, or if we wish to use your data for commercial purposes, we will inform you in detail below about the relevant procedures. In this respect, we will also indicate the defined criteria of the storage period.

 

2.   Your rights

2.1.  As regards your personal data, you have the following rights in your dealings with us:

  • right to information,
  • right to correction or deletion,
  • right to restrict processing,
  • right to object to processing,
  • right to data portability.

In order to exercise these rights, you can contact us using the contact information for the Controller or Data Protection Officer as specified above.

2.2.  Moreover, you have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

 

3.   Objection or withdrawal of consent for the processing of your data

3.1.  If you have consented to the processing of your data, you may withdraw such consent at any time. Such a withdrawal of consent will affect the permissibility of your personal data being processed, after you have informed us of this.

3.2.  Where we base the processing of your personal data on the balancing of interests, you may object to its processing. This is the case if its processing is not required in particular for fulfilling a contract with you as described by us in the relevant description of the functions below. When you exercise your right to object, you will be requested to give the reasons why we should not process your personal data in the manner we intend. In the event of your justified objection, we will review the facts and either cease to process your data, or adjust data processing, or demonstrate to you our compelling legitimate grounds for continuing to process your data.

 

4.   Collection of personal data when visiting our website

4.1.  If you visit the website merely for information purposes, i.e. you do not register or do not transmit information otherwise, we will only collect such personal data that your browser transmits to our server. If you wish to view our website, we will collect the following data that is of technical relevance to us to show you our website and ensure stability and security (the legal basis is art. 6 para. 1 sentence 1 lit. f of the GDPR):

 

  • IP address (abbreviated by the last two octets)
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status / HTTP status code
  • Website from which the request was forwarded
  • Websites accessed by the system of the user via our website
  • Bytes transferred of the requested URL
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

 

We save this data for a period of 31 days in what is known as a log file, and then the data is deleted. This storage for 31 days is necessary in order to identify and analyse potential attacks by hackers. This serves to improve the security of the website and is therefore carried out on the basis of a legitimate interest under art. 6 I sentence 1 lit f GDPR.

4.2.  In addition to the above data, cookies are stored on your computer when you visit our website. Cookies are small text files that are stored on your hard disk with respect to the browser you use and through which certain information is sent to the party that has set the cookie (in this case, by us). Cookies are not able to execute programs or transfer viruses to your computer. They serve to make the internet offering more user-friendly and effective.

 

4.3.  Use of cookies:

4.3.1.     This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Transient cookies (see b)
  • Persistent cookies (see c).

4.3.2.     Transient cookies are deleted automatically when you close your browser. They include, in particular, session cookies. They store a so-called session ID, with the help of which various requests of your browser can be assigned to the same session. As a result, your computer can be recognised when you return to our website. Session cookies also include the cookies that we use in order to ensure that the website is displayed correctly on the mobile device used. The session cookies will be deleted when you log out or close the browser.

4.3.3.     Persistent cookies will automatically be deleted after a pre-defined period, which may vary depending on the specific cookie. You may delete the cookies in the security settings of your browser at any time.

4.3.4.     You may configure your browser setting as you like and, for instance, refuse to accept third-party cookies or all cookies. Please note that, in this case, you may not be able to use all functions of this website.

 

5.    Use of our online shop

5.1.  If you wish to order products via our online shop, it is necessary for the sake of concluding a contract that you provide your personal data, which we need for processing your order. Mandatory information necessary for executing the contracts is marked separately; any further details are voluntary. Specifically, we collect the following data:

  • Last name
  • First name
  • Address
  • Country
  • Invoicing data
  • Payment data
  • Phone (optional)
  • Fax (optional)
  • Salutation (optional)

We will process the data transmitted by you for processing your order. The legal basis for that is art. 6 para. 1 sentence 1 lit. b GDPR.

Moreover, we are entitled to process the data provided by you to inform you about further interesting products of our portfolio or send you emails with technical information.

5.2.  Legal commercial and tax regulations require us to store your address, payment and order details for the period of ten years. However, we restrict the processing of data after two years, i.e. your data will be used only for complying with the legal obligations.

5.3.  To prevent unauthorised access to your data by any third party, in particular to your financial data, the ordering process will be encrypted by means of TLS technology.

 

6.     Setting up a user account in the Lidl spare part shop of Hoyer

You may set up a customer account on a voluntary basis, through which we store your data for further, subsequent purchases. In addition to the data collected during an order, you need to specify a password you have chosen yourself when setting up a customer account. This password must be treated as confidential and protected against unauthorised access by third parties. If you set up an account under “Customer Account”, the data provided by you will be revocably stored. In addition, you can view the personal data saved in your customer account at any time and use the “Wishlist” function to save products for subsequent shopping.

The legal basis for the processing of your data is art. 6 I sentence 1 lit. b GDPR, because you are providing the data within the framework of a contractual relationship or in order to initiate such a relationship.

The data will be saved until you delete the user account. You can delete the user account by sending a corresponding request to loeschung@hoyerhandel.com.

 

7.    Recipients of your data / categories of recipients

For the processing of your data as described above, we use data processors (e.g. in product logistics). The obligation of this data processors to handle your data in compliance with the GDPR and to take suitable technical and organisational measures for data security is defined in an order processing contract.

In addition, we work together with the following payment service providers: Paypal, Payone.

If you make a payment using PayPal or PayPal Express, following your order we forward you to Paypal (europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, so that you can use their portal to order the payment. 

If you choose to use a means of payment from the payment service provider Payone, the payment is handled by payment service provider BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, to which we forward the information regarding your order in compliance with art. 6 para. 1 sentence 1 lit. b GDPR. The disclosure of your data takes place exclusively for purposes of payment handling with the payment service provider PAYONE, and only to the extent that is necessary for this purpose. 

If you default on payment, in order to enforce our claim we will pass your data to a debt collection agency, a law firm, or possibly to an information agency for purposes of verifying your address. The legal basis for the transfer of data is art. 6 I sentence 1 lit. b GDPR. In addition, the processing is justified by our legitimate interest in the assertion of our entitlement to payment, and thus by art. 6 I sentence 1 lit f GDPR. 

 

8.   Contact via the contact form or email 

8.1.  When you contact us via email or a contact form, the data provided by you (your email address, and if appropriate your name, telephone number and message) will be stored by us in order to be able to answer your questions. We will delete the data obtained in this connection after its storage is no longer required, or we will restrict its processing if statutory retention obligations exist.

8.2.  We process this data in order to offer you the desired/requested service. The data processing takes place on the basis of a contract (art. 6, para. 1 sentence 1 lit. b GDPR), where this relates to questions regarding your purchase in our shop. The performance of the customer service is otherwise subject to processing on the grounds of legitimate interests (art. 6 para. 1 sentence 1 lit. f GDPR) because it facilitates the provision of advice to the customer.

 

9.  Use of Google Analytics

9.1.  This website uses Google Analytics, a website analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", i.e. text files that are stored on your computer and facilitate an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transferred to, and stored on, a server operated by Google in the USA. If IP anonymisation is enabled on this website, however, your IP address will first be truncated by Google within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activities and providing other services relating to the use of the website and the use of the internet for the website operator.

9.2.  Google will not associate the IP address that your browser transmits within the scope of Google Analytics with any other data held by Google.

9.3.  You can prevent the storage of cookies by selecting an appropriate setting in your browser software; however please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) at Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

 

9.4.  Opt-out cookies prevent the future collection of your data when you visit this website. In order to prevent the collection of data by Universal Analytics across various devices, you need to perform the opt-out on all systems that you use. If you click here, the opt-out cookie will be set:

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set which prevents the collection of your data on future visits to this website: disable Google Analytics

9.5.  This website uses Google Analytics with the extension "_anonymizeIp()". As a result, only truncated IP addresses are further processed and personal traceability is ruled out. As soon as data collected about you facilitates personal identification, this will immediately be excluded and the personal data deleted without delay.

9.6.   We use Google Analytics to analyse the use of our website and to be able to regularly improve it. The statistical data obtained will help us to improve our offers and make them more interesting for you as a user. For the exceptional cases in which personal data is transmitted to the USA, Google has committed to applying the principles of the EU-US Privacy Shield; https://www.privacyshield.gov/EU-US-Framework. The legal basis for using Google Analytics is art. 6 para. 1 sentence 1 lit. f of the GDPR.

9.7.  Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Terms & conditions of use: http://www.google.com/analytics/terms/de.html

Data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html

Privacy policy: http://www.google.de/intl/de/policies/privacy

 

10.   Google Fonts

This website uses Google Fonts in order to integrate fonts, a service by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. To display our website, we also access Google servers, specifically fonts.googleapis.com and fonts.gstatic.com. In order to display fonts as quickly and efficiently as possible on our website, the access instances are saved by Google and the fonts and specifications of your browser temporarily saved. Google Web Fonts are used in the interests of providing a standardised and attractive presentation of our online services. This represents a legitimate interest in the meaning of art. 6 para. 1 lit. f GDPR. You can find more information on this here: https://developers.google.com/fonts/faq#what_does_using_the_google_fonts_api_mean_for_the_privacy_of_my_users

 

11.   ajax.googleapis.com/ jQuery

This website uses the Javascript library jQuery, which optimises loading speeds. Program libraries from Google servers are accessed in this context. The CDN (content delivery network) of Google is used. If you have previously required jQuery on other pages from Google CDN, your browser will access the copy saved in its cache. Otherwise it will be necessary to download the program library, which will pass data from your browser to Google Inc. (“Google”). This transfer takes place on the grounds of legitimate interests in the meaning of art. 6 para. 1 lit. f GDPR.