Privacy Policy
Data protection declaration
1. Information about the collection of personal data and contact details of the responsible party
2. Data collection when visiting our website
3. Contact
4. Cookies
5. Data processing for order processing
6. Data processing when creating a customer account and for contract processing
7. Use of your data for direct advertising
8. Use of social media: video
9. Online marketing
10. Web analysis services
11. Tools and other information
12. Rights of the Analyzed Person
13. Duration of storage of personal data
1. Information about the collection of personal data and contact details of the responsible party
1.1. Thank you for visiting our website. Below we would like to inform you about how your personal data is handled when you use our website. Personal data refers to all data with which you can be personally identified.
1.2. The party responsible for the processing of data on our website within the meaning of the General Data Protection Regulation (GDPR) is:
Kuntze Erben GbR
Siemensring 89
47877 Willich
Germany
Tel.: +49 2154 8877373
Fax: +49 2154 8877296
Email: info@bus-ok.de.
1.3. To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL or TSL) over HTTPS.
2. Data collection when visiting our website
Each time you visit our website, our system automatically records data and information that your browser transmits to our server (so-called "server log files"). The following data, which is technically necessary for us, is collected:
- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Operating system used
- Browser used
- IP address used (if applicable: in anonymized form)
We reserve the right to subsequently review the server log files if there are concrete indications of illegal use. The data will be deleted as soon as it is no longer required to achieve the purpose for its collection purpose. If the data is collected to provide the website, this is the case when the respective session has ended.
In the case of data storage in log files, this is done after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to assign them to the accessing client. The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.
3. Contact
If you contact us via the contact form, the data entered in the input mask will be transmitted to us and stored. The data collected can be found in the respective input mask. If you contact us by email, only the data you enter there will be transmitted to us.
The data will be used exclusively to process the conversation and your request. If the user has given their consent, the legal basis for processing the data is Art. 6 (1) (a) GDPR. The legal basis for processing data transmitted when sending an email is Art. 6 (1) (f) GDPR. If the email aims to create a contract, an additional legal basis for processing is Art. 6 (1) (b) GDPR. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected and provided that there are no statutory retention periods. For personal data from the input mask of the contact form and data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The user has the option of revoking their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation can not be continued.
4. Cookies
Our website uses cookies.
Cookies are text files that are stored on the user's device. When a user visits a website, a cookie can be stored on the user's operating system. Some functions of our website cannot be offered without the use of cookies. This requires that the browser is recognized even after a page change. The user data collected by technically necessary cookies is not used to create user profiles. For the above-mentioned purposes, our legitimate interest in processing personal data according to Art. 6 (1) (f) GDPR also lies.
In addition, our website may use cookies that enable an analysis of user surfing behavior (so-called third-party cookies). Further information on the scope, purpose, legal basis and options for objection can be found in the respective sections of the respective chapter of this data protection declaration.
As a user, you have full control over the use of cookies. You can deactivate, restrict, or delete the transmission of cookies by changing the settings in your internet browser. If you deactivate cookies for our website, you may no longer be able to fully use all of the website's functions. You can prevent the transmission of Flash cookies by changing the Flash Player settings.
You can find help with the settings in your browser's help menu or at the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Some of the cookies used here are deleted when you close your browser (so-called session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognize your browser the next time you visit (persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data as well as IP address values. Persistent cookies are automatically deleted after a specified period of time, which can vary depending on the cookie.
5. Data processing for order processing
5.1. If you would like to order from our online shop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. We process the data you provide to process your order.
In some cases, we work together with external service providers to process your order. For this, we must pass on the personal data required for this.
If we commission transport companies to deliver your goods, we share your data required for the delivery of the goods to the respective transport company. To process payments, we share on your data to the commissioned credit institution as far as necessary. If we use payment service providers, you will also be informed of this below.
The legal basis for the transfer of your data is Art. 6 (1) (b) GDPR.
5.2. Use of payment service providers
- Mollie
If you select a payment method from the payment service provider Mollie BV, Keizersgracht 313, 1016 EE Amsterdam (hereinafter referred to as "Mollie"), payment processing will be carried out via Mollie. We will transfer your personal data, along with information about your order (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency, and transaction number), to Mollie in accordance with Art. 6 (1) (b) GDPR solely for the purpose of payment processing and only to the extent necessary.
- Paypal
If you select the payment method PayPal, credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "payment by installments" via PayPal, payment will be processed via PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").
We will pass on your personal data to PayPal as necessary in accordance with Art. 6 (1) (b) GDPR. PayPal reserves the right to conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or – if offered – "purchase on account" or "payment by installments" via PayPal.
For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 (1) (f) GDPR due to PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check with regard to the statistical probability of default to decide whether to provide the respective payment method.
The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data.
What other data PayPal collects can be found in the respective PayPal privacy policy. This can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.
6. Data processing when creating a customer account and for contract processing
If you create a customer account on BUS-ok.de, personal data will be collected and processed in accordance with Art. 6 (1) (b) GDPR. The scope of the data can be seen from the input form. The data you enter will be stored and used by us to process the contract.
You can delete your customer account at any time. This can be done by sending a message to the responsible person's address or, if offered, directly in your customer account. In this case, we will also block your data in accordance with tax and commercial retention periods and delete it after these periods have expired. This can only be prevented by your consent to permanent storage or by a legally permitted further use of the data on our part.
7. Use of your data for direct marketing
7.1. Newsletter
On our website you have the option of subscribing to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us. The only mandatory information is your email address. If you make further voluntary entries, these will only be used for personal contact.
The legal basis for processing your data after registering for the newsletter is Art. 6 (1) (a) GDPR, provided the user has given their consent. We obtain this consent by sending you a confirmation email containing a confirmation link after registering for the newsletter. By clicking on this link you also consent to receive the newsletter.
When you submit your registration for the newsletter, we save your IP address as well as the date and time of registration. This storage serves to trace any possible misuse of your email address.
We use the data we collect when you register for the newsletter exclusively for the purpose of sending the newsletter.
You can cancel your subscription to the newsletter at any time. A corresponding link is included in every newsletter for this purpose. This also allows you to revoke your consent to the storage of personal data collected during the registration process.
7.2. Sendinblue
We send our newsletters via Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin (hereinafter referred to as "Sendinblue").
We pass on the data you enter when registering for the newsletter to Sendinblue in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interest in using an effective, secure, and user-friendly newsletter system.
The data entered when subscribing to the newsletter (e.g. email address) is stored on Sendinblue's servers in Germany. Your data is used by Sendinblue to send and statistically evaluate the newsletter on our behalf. For this purpose, the newsletter emails contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This makes it possible to track whether a newsletter email was opened and which links were clicked. With the help of this conversion tracking, it is also possible to track whether an action (such as the purchase of an item from our shop) was performed after opening a link in the newsletter. Technical information is also recorded (e.g. the time of retrieval, your IP address, browser type and/or operating system). This data is collected exclusively in pseudonymous form and is not linked to your other personal data. If you do not want the data analysis described here, you must unsubscribe from the newsletter. A data processing agreement is in place with Sendinblue.
Details on Sendinblue's privacy policy can be found at:
https://de.sendinblue.com/legal/privacypolicy/
8. Use of social media: Video
Use of YouTube videos
On this website, we use the YouTube embedding function to display and play videos from the provider "YouTube," which is owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use the extended data protection mode, which, according to the provider, only triggers the storage of user information when the video(s) is played. When you start playing embedded YouTube videos, the provider "YouTube" uses cookies to collect information about your user behavior. According to "YouTube," these serve, among other things, to collect video statistics, improve user-friendliness, and prevent abusive behavior. If you are logged in to Google, your data will be assigned directly to your account.
If you do not wish to be associated with your YouTube profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as user profiles and evaluates them. Such evaluation is carried out in particular in accordance with Art. 6 (1) (f) GDPR on the basis of Google's legitimate interests in displaying personalized advertising, market research, and/or tailoring a website to meet user needs. Likewise, our legitimate interest in embedding videos in accordance with Art. 6 (1) (f) GDPR lies in evaluating user behavior, designing our website according to user interests, and exploiting the financial potential of our website.
You have the right to object to the creation of these user profiles; to exercise this right, you must contact YouTube. Regardless of whether the embedded videos are played, a connection to the Google "DoubleClick" network is established each time this website is accessed, which may trigger further data processing operations beyond our control.
Data may also be transmitted to Google LLC servers in the USA. Further information on data protection at "YouTube" can be found in the provider's privacy policy at: https://policies.google.com/privacy?hl=de Settings for personalized advertising are possible at: https://adssettings.google.com/authenticated .
Google LLC, based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework", which guarantees compliance with the data protection level applicable in the EU. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/
9. Online marketing
Use of Google Ads Conversion Tracking
This website uses the online advertising program "Google Ads" and, as part of Google Ads, conversion tracking from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Our offers are advertised on external websites with the help of advertising materials (so-called Google Adwords). Our legitimate interest lies in displaying advertising that is relevant to you and in achieving a fair calculation of advertising costs. The legal basis is Art. 6 (1) (f) GDPR.
Google Ads uses cookies for conversion tracking, which are set when you click on an AdWords ad placed by Google.
These cookies generally expire after 30 days and are not used for personal identification. Each Google Ads customer receives a different cookie, so cookies cannot be tracked across Ads customers' websites.
The information obtained in this way is used to compile conversion statistics for Ads customers regarding the total number of users who clicked on their ad and were redirected to a page containing a conversion tracking tag.
This does not personally identify you.
If you wish to prevent tracking, you can deactivate the Google Conversion Tracking cookie via your internet browser under user settings.
Google LLC, based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework", which guarantees compliance with the data protection level applicable in the EU. You can find further information about Google's privacy policy at the following internet address: http://www.google.de/policies/privacy/
You can permanently deactivate conversion cookies by setting your browser accordingly or by downloading and installing the browser plug-in available at the following link:
http://www.google.com/settings/ads/plugin?hl=de
In this case, certain functions of this website may not be available or may only be available to a limited extent.
10. Web analysis services
10.1. Google Analytics 4
We use Google Analytics 4 on our website, a web analysis service provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) (hereinafter referred to as "GA4").
Google Analytics uses "cookies." These are small text files that are stored on your device and that enable an analysis of your website use. The information generated in this way about your use of the website (including your shortened IP address) is transmitted to a Google server, where it is stored and processed. Transmission to the USA is possible. IP addresses are anonymized by default. For IPv4 addresses, the last octet and for IPv6 addresses, the last 80 bits in memory are set to zero and thus "anonymized." Personal reference is excluded. Transmission to Google LLC servers in the USA is not excluded.
During your website visit, GA4 records your user behavior in the form of "events," such as: page views, first-time visit to the website, start of the session, your "click path," interaction with the website, scrolls, clicks on external links, internal search queries, interaction with videos, file downloads, ads viewed/clicked, and language settings. GA4 also records your approximate location (region), your IP address (in anonymized form), technical information about your browser and the devices you use (e.g., language settings, screen resolution), your internet provider, and the referrer URL (from which website/advertisement you came to this website).
Google uses this information on our behalf to evaluate your website usage, compile reports on website activity, and provide us with other services related to website activity and internet usage. Your IP address, which is anonymized in this context, will not be merged with other Google data.
The data collected in this context will be stored for fourteen months.
The legal basis for the data processing described here and the use of cookies is your
express consent in accordance with Art. 6 (1) (a) GDPR. This consent can be revoked at any time with future effect, for example by deactivating this Google service via the Cookie Consent Tool in which you have already given your consent.
Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your consent at any time with future effect. To exercise your right of revocation, please deactivate this service using the "Cookie Consent Tool" provided on the website.
Google LLC, based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework," which guarantees compliance with the level of data protection applicable in the EU.
We have also concluded a data processing agreement with Google.
Further information on data protection through Google Analytics 4 can be found on the following websites:
https://policies.google.com/technologies/partner-sites
and
https://policies.google.com/privacy?hl=de&gl=de
Demographic characteristics
GA4's "demographic characteristics" feature can create statistics that can be used to determine the age, gender, and interests of site visitors. For this purpose, advertising and information from third-party providers are analyzed and target groups for specific marketing activities are identified. However, no personal assignment of data takes place. The data is deleted after fourteen months.
User IDs:
If we use the extended "User IDs" feature, your activities (including conversions) can be analyzed across devices. In this case, the analysis is not pseudonymous.
This is possible if you have given your consent to the use of Google Analytics 4 in accordance with Art. 6 (1) (a) GDPR, you have set up an account on this website, and you log in with this account on various devices.
Google Signals:
If we use the "Google Signals" extension, we can compile cross-device reports on your usage behavior. However, we only receive statistics and no personal data. This analysis is only possible if you have activated personalized ads in your Google Account and have linked your devices to a Google Account. Likewise, your consent to the use of Google Analytics must be obtained in accordance with Art. 6 (1) (a) GDPR. Cross-device analysis can be prevented by deactivating the "personalized advertising" function in your Google account. Further information on Google Signals can be found here: https://support.google.com/analytics/answer/7532985?hl=de
10.2. Hotjar (hotjar Ltd.)
We use the web analysis service Hotjar from Hotjar Ltd (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel.: +1 (855) 464-6788) on this website.
This tool can be used to track movements on our websites (so-called heat maps). It can be seen, for example, how far you scroll and which buttons you click and how often. This gives us the information we need to make our websites faster and more customer-friendly. Our legitimate interest lies in designing our website in line with your interests and for marketing purposes. The legal basis is Art. 6 (1) (f) GDPR. Areas of the website in which personal data from you or third parties is displayed are automatically hidden by Hotjar and not analyzed. You can prevent the use of the Hotjar tool using a "Do Not Track header". This is a setting that all common browsers in their current versions support. If you use our website with different browsers, you must set up the "Do Not Track header" separately for each of these browsers/computers. Detailed instructions with information about your browser can be found here: https://www.hotjar.com/opt-out Further information about Hotjar Ltd. and about the Hotjar tool can be found here: https://www.hotjar.com
The data transfer is based on the standard contractual clauses of the EU Commission. Details can be found here: https://help.hotjar.com/hc/de/articles/4424713971607-EU-Standardvertragsklauseln-SCCs-Rahmen
The privacy policy of Hotjar Ltd. can be found here: https://www.hotjar.com/privacy
11. Tools and Other
11.1. Google reCAPTCHA
We use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") in accordance with Art. 6 (1) (f) GDPR due to our legitimate interest in preventing misuse and spam.
reCAPTCHA is a function designed to ensure that an entry is made by a natural person.
The service sends your IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google.
When using Google reCAPTCHA, your personal data may also be transmitted to the servers of Google LLC in the USA.
Google LLC, based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework," which guarantees compliance with the data protection level applicable in the EU. You can find further information about Google's privacy policy at the following internet address: http://www.google.de/policies/privacy/
11.2. Google Web Fonts
We use so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") for the uniform display of fonts.
As soon as you visit our website, your browser loads the required web fonts into the browser cache.
To do this, your browser must establish a connection to Google's servers, which means that Google will transmit your IP address. In this case, your personal data may also be transferred to the servers of Google LLC in the USA.
The legal basis is Art. 6 (1) (a) GDPR, namely your express consent.
If your browser does not support web fonts or you refuse to use them, a standard font from your computer will be used.
Details about Google Web Fonts can be found here:
https://developers.google.com/fonts/faq
Google LLC, based in the USA, is certified for the US-European data protection agreement "EU-US Data Privacy Framework", which guarantees compliance with the data protection level applicable in the EU. You can find further information about Google's data protection provisions at the following internet address: http://www.google.de/policies/privacy/
12. Rights of the Analyzed Person
12.1. Applicable data protection law grants you comprehensive rights as a data subject (rights to information and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we will inform you below:
- Right of information pursuant to Art. 15 GDPR:
You can request confirmation from the controller as to whether personal data concerning you is being processed by the controller. In addition, you have the right to information about the purpose, the categories of personal data, the recipients, the planned duration of storage and the existence of other rights such as rectification of the data or the right to lodge a complaint with a supervisory authority, the origin of your data if it was not collected by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing concerning you, as well as your right to be informed of the guarantees in place pursuant to Art. 46 GDPR when your data is transferred to third countries;
- Right to rectification pursuant to Art. 16 GDPR:
You have the right to have inaccurate data concerning you rectified without undue delay and/or to have incomplete data stored by us completed; the rectification or completion must be carried out without undue delay.
- Right to restriction of processing pursuant to Art. 18 GDPR:
You have the right to request that the processing of your personal data be restricted as long as the accuracy of your data, which you contest, is being verified; if you refuse to delete your data due to unlawful data processing and instead request that the processing of your data be restricted; if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved, or if you have lodged an objection for reasons related to your particular situation, as long as it has not yet been determined whether our legitimate reasons prevail;
If the processing of personal data concerning you has been restricted, this data may - with the exception of its storage - only be processed with your consent or for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted, you will be informed by the controller before the restriction is lifted.
- Right to erasure pursuant to Art. 17 GDPR:
You have the right to have your personal data erased immediately if the requirements of Art. 17 Para. 1 GDPR are met. However, this right to erasure does not exist in particular - but not exclusively - if processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims
- Right to information pursuant to Art. 19 GDPR:
If you have exercised your right to rectification, erasure or restriction of processing, the controller is obliged to inform all recipients to whom your personal data was disclosed of this rectification or erasure of the data or restriction of processing, unless doing so is impossible or involves disproportionate effort. You also have the right to be informed about these recipients.
- Right to data portability pursuant to Art. 20 GDPR:
You have the right to receive the personal data you have provided to us in a structured, common, and machine-readable format or to request that it be transmitted to another controller, where technically feasible;
- Right of revocation pursuant to Art. 7 (3) GDPR:
You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
You also have the right to revoke your declaration of consent under data protection law at any time with future effect. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent up to the time of revocation.
- Right to lodge a complaint pursuant to Art. 77 GDPR:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.
12.2. Right of objection
You have the right to object to the processing of your data at any time with future effect if we process your data based on our overriding legitimate interest after weighing up our interests.
If you exercise this right of objection, we will stop processing your data unless there are demonstrably compelling legitimate reasons for termination, or if further processing serves the exercise or defense of legal claims.
13. Duration of storage of personal data
The duration of storage of personal data depends on statutory retention periods. After these periods have expired, we routinely delete the data if it is no longer required to fulfill or initiate a contract and/or we no longer have a legitimate interest in continuing to store it.
