Privacy policy
We attach great importance to data protection. The use of our website is possible without specifying personal data. However, log data is collected. And if you make use of services via our website, it will usually be necessary to process further personal data. Therefore, we inform you in detail about the protection of your personal data on our website.
We process your personal data exclusively on the basis of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "GDPR").
Privacy policy
1. Who is responsible for data processing and whom can you contact?
2. What do the individual terms mean?
3. What personal data is processed via our website and on what basis?
a. Log data
b. Profile data
c. Online shop data
d. Cookie data
e. Newsletter data
f. Communication data
g. Google
h. Google Fonts data
i. Google Maps
j. Applicant data
k. Advertising with Facebook (Facebook Pixel)
4. How long will your data be processed or when will it be deleted?
5. To whom is personal data transferred?
a. Processors
b. Other data controllers
c. Categories of recipients
6. Do we share personal data with third countries?
7. Do we use social media plugins?
8. What about data from our company pages on social networks?
9. What are your rights?
10. Changes to the privacy notice
1. Who is responsible for data processing and whom can you contact?
We are the controller for the processing of your personal data (Art. 4 No. 7 DS-GVO):
Sawade GmbH
Wittestraße 26e
13509, Berlin
Deutschland
Tel.: +4930430060
E-Mail: service@sawade.berlin
You can find more information about us in our imprint
You can also contact our data protection officer:
E-Mail: datenschutz@uub-schwan.de
Umwelt- und Unternehmensberatung Schwan GmbH
Heinrich-Mann-Allee 18-19
14473 Potsdam
Germany
2. What do the individual terms mean?
For a better understanding, we explain a few terms from the GDPR below:
- Personal data” means any information relating to an identified or identifiable natural person ("data subject"). A person is identifiable if he or she can be identified directly or indirectly, in particular by means of an association with an identifier such as a name, an IP address, location data, etc.. The identifiability can also be given by a linkage of such information.
- Processing” means any operation which involves the handling of personal data, whether or not by automated (i.e. technology-based) means. This includes, in particular, the collection, organisation, storage, adaptation, modification, use, transmission, linking, reading and retrieval of personal data, as well as the change of a purpose or intended use on which data processing was originally based.
- Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
- Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with the controller's instructions (e.g. IT service provider).
- "Third party" means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or processor.
- "Cookies" are small text files that are stored on your hard drive by the browser you use and through which the person setting the cookies can read certain information.
3. What personal data is processed through our website and on what basis?
We process personal data exclusively in accordance with the GDPR and the other relevant data protection regulations. Insofar as processing is carried out on the basis of legitimate interests (Art. 6 para. 1 sentence 1 lit. f DS-GVO), the purposes listed below also represent our legitimate interests.
a. Log data
When you visit our website, a log file is temporarily stored on our web server. This consists of:
- the page from which our website was accessed (so-called referrer URL);
- the name and URL of the page called up (including sub-pages);
- the date and time of the respective call;
- the GMT time zone difference;
- the description of the type, language and version of your web browser;
- the IP address of the requesting computer, which is, however, shortened in such a way that it is no longer possible to establish a personal reference;
- the amount of data transferred;
- your operating system;
- the message as to whether the request was successful (access status/ttp status code).
The data collected in the server log files is stored separately from any personal data provided by the person concerned.
The processing of the log data serves to check the functionality and improvement of our website and to combat abuse (Art. 6 para. 1 p. 1 lit. f DS-GVO).
b. Profile data
When you create a customer account with us, you must provide the following data (marked with an "*"):
- Your name;
- Your e-mail address;
- your password and
- your address.
You can change this data at any time. This data is processed by us in order to create and maintain the customer account explicitly requested by you (Art. 6 para. 1 p. 1 lit. b DS-GVO). A transfer to order processors (e.g. parcel services) serves and is limited to the scope necessary for the fulfilment of a contract concluded with you (Art. 6 para. 1 p. 1 lit. b DS-GVO). We will continue to process this data until you delete your customer account with us and there is no further reason for continued processing in accordance with point 4.
Furthermore, by registering on our website
- Your IP address,
- the date and
- the time of registration
stored. This data is stored in order to combat abuse (Art. 6 para. 1 p. 1 lit. f DS-GVO).
c. Online shop data
When you place an order via our online shop, we process the data you provide. Some of these are marked as mandatory (by the symbol "*"). We generate an order number for you. During the ordering process and the processing of your order, the necessary data is processed: (e.g. name, amount, order number, description of goods).
Payment via PayPal
The processing of your payment requires the transmission of the necessary payment data. If you decide to pay via PayPal, we exchange the necessary data about the purchase of goods and the allocation of your payment with PayPal.
The transmission and processing takes place because you have selected the payment service provider for the processing of the contract. It is therefore carried out for the fulfilment of the contract (Art. 6 para. 1 p. 1 lit. b DS-GVO). In addition, processing may take place for the purpose of combating abuse and fraud (Art. 6 para. 1 p. 1 lit. f DS-GVO).
Further information on the processing of your personal data by PayPal can be found in their privacy policy:
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. - https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Payment by credit card, Sofort Überweisung and Giropay
We use the services of Unzer E-Com GmbH and its partner (UNIVERSUM Inkasso GmbH), hereinafter "Unzer", to process and enforce our payment claims.
By selecting the payment service provider by clicking on the corresponding box in the order process, you agree that
- we transmit your data required for payment processing (e.g. name, amount, order number, description of goods, amount of claim, etc.) to Unzer;
- Unzer transmits your data to the payment service provider selected by you, the provider of the respective payment method, the payment institution, the account-keeping institution or the credit institution and
- Unzer processes the personal data received in the course of this process in order to process your payment.
The processing of your personal data by Unzer for the purpose of processing your payment is carried out on the basis of Art. 6 Para. 1 S. 1 lit. a DS-GVO.
It is possible that Unzer processes your data outside the EU and the EEA. In these cases, the data transfer and processing is carried out either on the basis of an adequacy decision of the European Commission or the Commission's standard contractual clauses. More information on this can be found in section 6.
Further information on the processing of your personal data by the respective providers, payment service providers and institutions can be found in their data protection statements:
- Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Bel-gium https://www.mastercard.de/de-de/datenschutz.html;
- Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom ; https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung.html;
Payment by invoice
In the case of a purchase on account, we carry out an assessment of the risk of non-payment in some cases for higher order values due to our advance performance. For this assessment, we may obtain credit information based on mathematical-statistical procedures from the credit agency Creditsafe Deutschland GmbH (scoring). For this purpose, the data required for the credit assessment (in particular name, date of birth, address, bank details) are transmitted to the credit agency after a prior manual check by our employees. On the basis of this information, the credit agency determines a statistical probability of default. Depending on the result of the respective credit check, we decide whether payment can be made by invoice.
The data processing is carried out for the execution of the contract on the basis of Art. 6 para. 1 p. 1 lit. b DS-GVO. You have the right to have a person (one of our employees) intervene, to express your own point of view and to contest the decision (Art. 22 (3) DS-GVO).
You can object to the transfer of your data to the credit agency at any time. However, payment by invoice will then not be possible.
It is possible that the credit agency processes your data outside the EU and the EEA. If this is the case, this data processing is based either on an adequacy decision of the European Commission or the Commission's standard contractual clauses. More information can be found in section 6.
We use the scoring exclusively to check whether a purchase on account is possible and to protect ourselves against possible payment defaults.
Trusted Shops Trustbadge
In order to optimise the marketing of our offer and to display the Trusted Shops seal of approval, the Trusted Shops Trustbadge is integrated on our website. This is an offer from Trusted Shops GmbH, Sub-belrather Str. 15C, 50823 Cologne, Germany. The Trustbadge is provided by a CDN provider (Content Delivery Network) within the framework of order processing. Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is guaranteed. Further information on the data protection of Trusted Shops GmbH can be found here: https://www.trustedshops.de/impressum/#datenschutz. This, as well as the associated data agreement, serves to protect our legitimate interests in the optimal marketing of our offer, which outweigh our interests in the context of a balancing of interests, in accordance with Art. 6 Para. 1 S. 1 lit. f DS-GVO. When the Trustbadge is called up, the web server automatically saves a server log file containing, for example, your IP address, the date and time of the call, the volume of data transferred and the requesting provider (access data) and documents the call. Individual access data are stored in a security database for the analysis of security anomalies. The log files are automatically deleted 90 days after creation at the latest. Further personal data will only be transferred to Trusted Shops if you decide to use Trusted Shops products after completing an order or have already registered to use them. In this case the contractual agreement between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you as a buyer are already registered for product use is automatically checked using a neutral parameter, the email address hashed by cryptological one-way function. The e-mail address is converted into this hash value, which cannot be deciphered by Trusted Shops, before it is transmitted. After checking for a match, the hash value is automatically deleted. If you do not use the Trusted Shops products yourself, only the order number is transmitted to Trusted Shops when the trust badge is integrated. This serves in particular the verification of later guarantees or ratings.
This is necessary for the fulfilment of our and Trusted Shops' overriding legitimate interests in the provision of the customer protection linked to the specific order and the transactional evaluation services in accordance with Art. 6 Para. 1 S. 1 lit. f DS-GVO. Further details, including the objection, can be found in the Trusted Shops privacy policy linked above and in the trust badge (https://www.trustedshops.de/impressum/#datenschutz).
d. Cookie data
We use cookies on our website.
The legal basis for the processing of data collected via cookies depends on the type of cookies and your behaviour. If you have consented to the use of cookies, we process the data collected by means of cookies on the basis of your consent (Art. 6 para. 1 sentence 1 lit. a DS-GVO). If you have refused the use of cookies, we only use data of so-called necessary cookies, i.e. cookies that are necessary for the initiation and processing of a contract with you (Art. 6 para. 1 p. 1 lit. b DS-GVO) or with regard to whose use we have a legitimate interest (Art. 6 para. 1 p. 1 lit. f DS-GVO). You can find more on this in our Cookie Policy.
e. Newsletter data
If you subscribe to our newsletter, our order processor processes the following data to combat abuse (Art. 6 para. 1 lit. f DS-GVO):
- Your first name (optional);
- Your last name (optional);
- Your email address;
- the date and time you accessed the newsletter;
- the description of the type of web browser used;
- the IP address of the requesting computer,
- the date and time of registration and confirmation.
Our newsletters contain so-called pixels (also called tracking pixels or web beacons). A pixel is an image file the size of a pixel. It is embedded in the e-mail to enable log file recording and log file analysis (e.g. IP address, time of e-mail call, browser type, activated links from the e-mail). This enables a statistical evaluation of the success or failure of our online marketing campaigns. For this purpose, your e-mail address and IP address are registered and we can see if and when an e-mail was opened and which of the links it contains were called up by you. The personal data obtained in this way is processed by our processor and sent to us in a report in order to optimise the newsletter dispatch and to better adapt the content of future newsletters to your interests. This personal data will not be passed on to third parties.
By subscribing to our newsletter you agree (Art. 6 para. 1 lit. a DS-GVO):
- That you will be informed by e-mail about news, offers and stories from our manufactory;
- that the data you provide during your subscription will be processed for this purpose; and
- that we process personal data by means of a so-called pixel in our newsletter emails to optimise our marketing (see below).
You can revoke your consent to receive the newsletter at any time and thus unsubscribe from the newsletter. This will only be effective for the future. The data processing that has taken place up to this point remains unaffected. You can revoke your consent by clicking on the link provided in every newsletter e-mail, on our website (https://sawade.berlin/newsletter) or by sending an e-mail to service@sawade.berlin.
We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration we will send you an e-mail to the e-mail address you provided. You must verify your registration again via a link contained in the e-mail. In this way, we exclude the possibility of misuse of your data and can verify your registration in case of doubt.
If you receive an e-mail although you have not ordered the newsletter, you do not need to do anything further. Your e-mail address will then not be stored by us.
We use Klaviyo and Mailchimp to send the newsletter.
Klaviyo125 Summer StreetFloor 6Boston, MA 02111 USA.Mailchimp is a platform of
The Rocket Science Group, LLC675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA.
Klaviyo and Mailchimp processes the data in the USA. There is no adequacy decision by the Commission for the USA. We have concluded the Commission's standard contractual clauses with this service provider. He is therefore obliged to guarantee a level of protection for your data equivalent to the GDPR. You can find out more in our notice on data transfer to the USA.
f. Communication data
Our website contains a contact form. If you contact us via this form, the personal data you provide will be processed for the purpose of dealing with your request. If this request is related to an existing contract or a contract initiation, the processing is based on Art. 6 (1) sentence 1 lit. b DS-GVO. Otherwise, the processing is based on your voluntary transmission of the data and the associated consent to process your request (Art. 6 para. 1 sentence 1 lit. a DSGVO). You can revoke this consent at any time. This personal data will not be passed on to third parties.
g. Google
Our website integrates services from Google. You can find out more about this in our Cookie Policy or at Google's Privacy & Terms site
h. Google Fonts data
So that the fonts on our website can be displayed uniformly, we use so-called web fonts from Google. The processing is based on our legitimate interest in the correct and uniform presentation of our website (Art. 6 para. 1 p. 1 lit. f DS-GVO).
When you access our website, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, your browser establishes a connection with Google's servers. This tells Google that our website is being accessed via your IP address. According to Google, the use of web fonts is not authenticated. No cookies are sent from website visitors to Google Fonts. Requests to the Google Fonts API are directed to resource-specific domains, so your requests for fonts are separate from requests you send to google.com when using other authenticated Google services.
For more information, please visit: https://developers.google.com/fonts/faq.
Google's privacy policy can be found at: https://policies.google.com/privacy?hl=de.
i. Google Maps
We use a plugin from Google Maps on our website to show you the locations of our branches. This is a service provided by Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Maps is initially blocked on our website. The Google Maps application and the respective plugin will only be activated once you have consented to the transmission of data to and data processing by Google. The data processing then takes place on the basis of Art. 6 Para. 1 S. 1 lit. a DS-GVO.
When you use Google Maps on our website, information about your use of this website and your IP address are transmitted to a Google server and also stored on this or other servers.
The transmission of data to the USA is based on your consent (Art. 49 para. 1 p. 1 lit. a DS-GVO). You can find out more about data transfer to third countries under point 6.
If you deactivate Javascript in your browser, you prevent Google Maps from running. However, you will then also not be able to use maps on our website.
j. Applicant data
If you send us your personal data in the course of an application, we will process it for the purpose of processing your application with your consent (expressed by the voluntary sending) (Art. 6 para. 1 p. 1 a DS-GVO).
After completion of the application procedure, the application data will be deleted after 6 months (legal basis § 15 AGG).
If we do not currently see any opportunity for cooperation, but find your application interesting and would like to include it in our applicant pool, we will ask you for a separate declaration of consent.
You have the option to object to the use of your data at any time. To do so, please send an informal e-mail to: bewerbung@sawade.berlin.
k. Advertising with Facebook (Facebook Pixel)
We use advertising measures of
Facebook Ireland Limited,
4 Grand Canal Square,
Grand Canal Harbour,
Dublin 2, Irland
(hereinafter "Facebook").
We have embedded so-called "Facebook Pixel" on our website. A pixel (also called tracking pixel or web beacon) is an image file the size of a pixel. It collects data such as your IP address, the time of the page view, the browser type, which links you click on, as well as the existence of cookies previously set by Facebook, and transmits this data to Facebook. By integrating the Facebook Pixel on our website, we can measure and evaluate the effect of our advertising measures and display our advertising measures to users of our website and the social networks Facebook and Instagram in an interest-based manner (including through so-called Custom Audiences).
The connection between Facebook and our website is made technically via the "Facebook Pixel". The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. a DS-GVO, i.e. the integration only takes place with your consent.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Facebook server when you visit our website. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore present you with the processes known to us:
By integrating the Facebook pixel, Facebook receives the information that you have called up the corresponding web page of our website or clicked on one of our advertisements. If you are registered with a Facebook service, Facebook can associate your visit with your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will find out your IP address and other identifying features and use them to create your profile.
The information collected is stored on Facebook servers, also in the USA. You can find more information regarding data transfer to the USA here. The legal basis for this transmission is your consents via our cookie banner.
You can revoke your consent at any time without affecting the permissibility of the processing until revocation. The easiest way to revoke your consent is via our Consent Manager or by clicking [here] . In addition, (logged-in users only) can object via the provider's function under the following link: www.facebook.com/settings/?tab=ads#_
Further information on data processing by Facebook is available at www.facebook.com/about/privacy.
Should the above-mentioned legal basis for data processing no longer apply and should we still have a legitimate interest in data processing, further data processing is based on Art. 6 (1) sentence 1 lit. f DS-GVO. Such a legitimate interest exists in particular as long as we need the data to enforce claims, possible warranty claims come into consideration, current or immediately foreseeable legal disputes are to be conducted or we need the data to combat abuse. If we are obliged to further process the data due to legal regulations, the processing is carried out for this purpose (Art. 6 Para. 1 S. 1 lit. c DS-GVO).
4. How long will your data be processed or when will it be deleted?
Your data will only be processed for as long as is necessary to achieve the above-mentioned processing purposes. The legal bases stated in connection with the respective processing purpose are decisive.
Processing may take place beyond the originally intended time if the data is required for a (threatened) legal dispute (Art. 6 para. 1 sentence 1 lit. f DS-GVO, Art. 17 para. 3 lit. e DS-GVO) or other legal proceedings or if the storage is provided for by legal regulations to which we are subject as the responsible party (e.g. § 257 HGB, § 147 AO) (Art. 6 para. 1 sentence 1 lit. c DS-GVO, Art. 17 para. 3 lit. b DS-GVO).
If there is no longer a legal basis for data processing, your personal data will be deleted.
Regarding the use and storage duration of cookies, please refer to our Cookie Policy.
5. To whom is personal data transmitted?
a. Processor
Like many companies, we also use external domestic and foreign service providers (e.g. for IT, logistics, telecommunications, sales and marketing) to process our business transactions. These service providers only act on our instructions and are contractually obliged to comply with data protection regulations in accordance with Article 28 of the Data Protection Regulation.
b. Other responsible persons
For some processes, we work together with other responsible parties. In doing so, we also exchange personal data with them. This is done on the basis of joint agreements in accordance with Art. 26 of the GDPR.
c. Recipient categories
In addition to the providers expressly named in section 3, the following categories of recipients, who are usually order processors, may receive access to your personal data:
- Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data centre services, IT security). The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b or lit. f DS-GVO. With regard to the data processed by cookies, you will find the recipients in the Cookie Policy;
- the payment service provider selected by you. The legal basis for data processing is your consent (Art. 6 para. 1 sentence 1 lit. a DS-GVO).
- Government agencies/authorities, insofar as this is necessary to fulfil a legal obligation. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. c DS-GVO;
- Persons commissioned and appointed in the course of our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, etc.). The legal basis for the disclosure is Art. 6 para. 1 sentence 1 lit. b or lit. f DS-GVO.
In addition, we will only disclose your personal data to third parties if you have expressly consented to this (Art. 6 para. 1 p. 1 lit. a DS-GVO).
6. Do we share personal data with third countries?
Some processing operations involve the transfer of your data to third countries outside the European Union. However, such processing is only carried out to fulfil contractual and business obligations and to maintain your business relationship with us.
If data is transferred to third countries, this is done either on the basis of a so-called adequacy decision of the European Commission or on the basis of standard contractual clauses of the European Commission pursuant to Art. 46 DS-GVO. Where necessary and technically feasible, we have taken technical measures to further protect your data.
Through the adequacy decisions, the European Commission certifies a level of data protection that is comparable to the EEA standard (a list of these countries and the adequacy decisions can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).
Other third countries may not have a level of data protection comparable to the EEA standard. In such cases, we ensure that data protection is nevertheless adequately guaranteed. This is possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data (Art. 46 DS-GVO), certificates or recognised codes of conduct.
You can find more information in the description of the respective data processing and in the notice on data transfer to the USA.
7. Do we use social media plugins?
We do not use social media plugins on our website. If our website contains icons from social media providers (e.g. Facebook, Instagram), we only use these for passive linking to the pages of the respective providers. The data protection conditions of the respective providers apply.
8. What about the data from our company pages on social networks?
We maintain publicly accessible profiles on various social networks. When you visit our profiles, your personal data is collected, used and stored not only by us, but also by the operators of the respective social network. We and the operator of the respective social network are jointly responsible for this processing. The processing also takes place if you yourself do not have a profile in the respective social network. The respective data protection provisions for our company pages on social networks apply.
9. What are your rights?
You can assert your rights as a data subject with regard to your personal data processed by us at any time. You will find our contact details under point 1.
As a data subject, you have the right:
- To request information about your data processed by us. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period and the origin of your data (Art. 15 DS-GVO);
- demand the correction of inaccurate or the completion of your data stored by us without delay (Art. 16 DS-GVO);
- demand the deletion of your data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims (Art. 17 DS-GVO);
- to demand the restriction of the processing of your data, insofar as the correctness of the data is disputed by you or the processing is unlawful (Art. 18 DS-GVO);
- to receive your data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller (Art. 20 DS-GVO);
- object to processing if the processing is based on Art. 6 (1) sentence 1 lit. e or lit. f DS-GVO. This is particularly the case if the processing is not necessary to fulfil a contract with you (Art. 21 DS-GVO);
- revoke your consent once given to us at any time. This means that we may no longer continue the data processing based on this consent in the future (Art. 7 (3) DS-GVO); and
- complain to a data protection supervisory authority about the processing of your personal data by our company (Art. 77 DS-GVO), for example to the data protection supervisory authority responsible for us:
Berlin Commissioner for Data Protection and Freedom of Information,
Friedrichstraße 219
10969 Berlin
Telephone: 030/138 89-0
E-mail: mailbox@datenschutz-berlin.de
Homepage: https://www.datenschutz-berlin.de
10. Changes to the data protection notice
In the context of the further development of data protection law as well as technological or organisational changes, our data protection information is regularly reviewed to determine whether it needs to be adapted or supplemented. You will be informed of any changes in particular on our website.
This data protection notice is valid as of: Mai 2022.