1. Person responsible and general information
Your data will be processed by Cerena GmbH, managing partner Arne Kreitzberg, Sandstr. 27, 42655 Solingen, Germany, Tel.: +49 (0) 212-380 2080, e-mail: firstname.lastname@example.org - service provider in the sense of the German Telemedia Act (TMG) and data controller in the sense of the General Data Protection Regulation (GDPR). We also mean Cerena GmbH when we use phrases such as "we" or "us". In this document, "Cerena" means www.cerena-shop.de and www.cerena.de , in each case including all subpages, content and functions available there. Individual parts of Cerena are also referred to below as "online services". We also mean these insofar as we refer to a website below.
Our Services are intended for the general public and not for children. We do not knowingly collect personal data from users who are considered children under the relevant national legislation.
2. Collection and processing of personal data
As a rule, you can use online services that do not require payment or registration without providing personal data. In certain cases, however, we process the personal data listed in section 3. As a matter of principle, this is only done to the extent necessary to provide a functional website and our content and services. Furthermore, we process personal data in connection with the use of Cerena if you provide it of your own accord, e.g. in the context of a registration, a purchase, an inquiry to us or because there is another legal basis for doing so (see section 4.). If you do not wish to do so, you will unfortunately not be able to use our services or not to the full extent.
3. Categories of Data Processed
As soon as you use Cerena, our system automatically collects information from the computer system of the calling computer. Among other things, the following data may be collected:
- Information about the browser type and version used.
- Operating system of the user
- mobile device ID
- Date and time of access
- Cookie ID, Ad ID
- Websites from which the user accesses our website
- Websites that the user accesses via our website
In addition, we process the following personal data if a contractual relationship exists between you and us or you have otherwise transmitted the data to us:
- Personal master data (name, address, date of birth)
- Communication data (telephone number, e-mail address)
- Contract master data (contractual relationship, product or contractual interest, order history)
- Login data with password
- Billing and payment data
4. Legal basis and purposes of processing
We process your data exclusively on the basis of one or more of the possible legal bases.
According to the GDPR, personal data may be processed in particular on the basis of a contract or for the implementation of pre-contractual measures, if consent has been given, on the basis of a legitimate interest or a law, and for the protection of vital or public interests.
Registration is required for the provision of certain content or services on our website. Any user can register free of charge by providing Cerena with your first name, last name, address, telephone number, e-mail address and a password, which will transmit your registration data to us. The collection and processing of this data is done to fulfill the contract of use between us and the user, Art. 6 para. 1 lit. b DSGVO.
When you purchase one of our products, we use your contract master data, including contact data, for the performance and fulfillment of the contract, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of any other service or consideration, as well as the enforcement of legal claims or receivables (Art. 6 para. 1 lit. b DSGVO). The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in cases of inquiries about our products or services. In the case of paid services, we process certain data because we are subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations (Art. 6 para. 1 lit. c DSGVO).
We also use your e-mail address collected in the course of registration or in the performance of the contract to inform you by e-mail about our own similar goods or services and about Cerena in general. In this case, the processing of the e-mail address is based on our legitimate interest in advertising our goods and services (Art. 6 para. 1 lit. f DSGVO).
On the Internet, every device requires a unique address, the so-called IP address, for the transmission of data. The at least temporary storage of the IP address is technically necessary to enable delivery of the website to the user's computer. Our servers also store your IP address for their own security purposes for a certain period of time and then delete it.
In the case of processing operations that are not covered by one or more of the aforementioned legal bases, processing takes place if it is necessary to protect a legitimate interest and, based on a comprehensive weighing of interests, does not override your interests, fundamental rights and freedoms (Art. 6 (1) f DSGVO). A legitimate interest can be assumed if the data subject is a customer of the controller. If the processing of personal data is based on this, our legitimate interest is in particular the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.
Our legitimate interest in being able to offer you customized products, to inform you about our products, innovations and quality features, as well as to continuously improve our services and products and thereby also increase our sales, is the legal basis for processing for the purpose of direct marketing (own advertising and third-party advertising) and web/app analytics. For web analytics services in detail, see section 9.
Our legitimate interest in fraud prevention, ensuring network and information security and the reliability of our service provision or products also serves as the legal basis for processing certain data.
Another legitimate interest is the functionality of the company's operations, on the basis of which processing is carried out for internal administrative purposes (e.g. address management / billing).
You can object to processing on the basis of a legitimate interest at any time (see item 13.).
In the event that the data is processed for a purpose other than that stated when the data was collected, a compatibility check is carried out in accordance with Art. 6 (4) DSGVO. Further processing is then only permitted if the original purpose is compatible with the new purpose or is permitted on the basis of a separate legal basis. Recognized compatible purposes include the assertion, exercise or defense of civil claims unless there is an overriding interest of the data subject. In this case, we will inform you about the change of purpose. If the new purpose is not compatible with the purpose stated at the time of collection, a new collection will take place on the basis of a new legal basis. Here, too, we will inform you about the change of purpose.
5. Place of processing
We ourselves do not transfer your personal data to countries outside the European Economic Area, except in cases where it is permitted under the GDPR. Whether third parties with whom you have your own contractual relationship (such as with Facebook, if you have a Facebook account) transfer data to countries outside the European Economic Area is beyond our knowledge and control.
6. Origin of data
In some cases, we collect this data ourselves, as described above. In certain cases, we also receive data because you have consented to its transmission to us, such as when ordering products.
7. Transfer of your data to third parties
We will only transfer your personal data to third parties if the transfer is necessary to fulfill our contractual obligations to you and this is obviously done at or together with another provider, we are otherwise legally entitled or obliged to transfer the data, or you have given us your consent to do so.
In order to provide our service, selected personal data within our company may be communicated to certain departments. This includes employees in the Accounting, Product Management, Marketing and IT departments.
In certain cases, we also use external service providers or affiliated companies that are commissioned by us to process data for us in accordance with instructions. Such service providers are contractually obligated by us as processors in accordance with the strict requirements of the GDPR and may not use your data for any other purposes. Processors used by us provide the following services for us in particular: Store provider, payment service(s), hosting.
The transfer of data to processors takes place on the basis of Art. 28 (1) DSGVO, alternatively on the basis of our legitimate interest in the economic and technical benefits associated with the use of specialized processors, Art. 6 (1) lit. f DSGVO.
If we are legally obliged to do so or if this is permitted under data protection law, we transmit personal data to authorities, for example the police or public prosecutor's office (Art. 6 para. 1 lit. c DSGVO). The transfer of this data is based on our legitimate interest in combating abuse, prosecuting criminal offences and securing, asserting and enforcing claims and that your rights and interests in the protection of your personal data are not overridden, Art. 6 (1) lit. f DSGVO.
8. Cookies and similar technologies
We use two types of cookies. On the one hand, technically necessary cookies, without which the functionality of our website would be limited, and optional cookies to make our website more user-friendly. The user data collected through technically necessary cookies are not used to create user profiles.
You can prevent the setting of cookies by us at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time using an Internet browser or other software programs. This is possible in all common Internet browsers. If you deactivate the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
9. Social networks
We have integrated components of the company Facebook on this website. Facebook is a social network. The operating company of Facebook is Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. The controller of personal data, if a data subject lives outside the USA or Canada, is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time one of the individual pages of this website operated by us and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically caused by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. Within the scope of this technical procedure, Facebook receives knowledge of which specific sub-page of our website is visited by the data subject.
If the data subject is logged in to Facebook at the same time, Facebook recognizes which specific sub-page of our website the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject activates one of the Facebook buttons integrated on our website, for example the "Like" button, or if the data subject posts a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.
Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is simultaneously logged into Facebook at the time of calling up our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If such transmission of this information to Facebook is not desired by the data subject, he or she can prevent the transmission by logging out of his or her Facebook account before calling up our website. The data policy published by Facebook, which can be accessed at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.
We use components of the service Instagram. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to redistribute such data in other social networks. The operator of Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA. By each call of one of the individual pages of this website, on which an Instagram component (Insta button) has been integrated, Instagram receives knowledge of which specific sub-page of our website is visited by the person concerned. If you are logged in to Instagram at the same time, Instagram recognizes which specific sub-page has been visited with each call to our website and for the entire duration of the respective stay on our website. This information is collected by the Instagram component and assigned to your Instagram account by Instagram. If you click one of the Instagram buttons integrated on our website, the data and information thus transmitted will be assigned to your personal Instagram user account and stored and processed by Instagram. Instagram always receives information via the Instagram component that you have visited our website if you are simultaneously logged into Instagram at the time of calling up our website; this takes place regardless of whether you click on the Instagram component or not. If you do not want this information to be transmitted to Instagram, you can prevent the transmission by logging out of your Instagram account before accessing our website. Further information and the applicable data protection provisions of Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
10. payment service provider
In the event that you use a paid service or purchase something through our website / app, Shopify Payments is the payment service provider and the relevant TOS of the service provider apply, which can be viewed here (https://www.shopify.de/legal/terms-payments-de). Should you decide to use this payment service provider, you will leave our site. All data will then be collected and processed by this payment service provider. We do not receive any personal data, in particular no bank or credit card data, but only the information that the payment was made successfully.
11. Storage period
We store personal data only as long as we are entitled to do so and the purpose of processing has not ceased to apply. The respective statutory retention period applies to the duration of the storage of personal data. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for contract performance or contract initiation.
12. contact details and your rights as a data subject
Please contact our management at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject:
Cerena GmbH, Managing Partner Arne Kreitzberg, Sandstr. 27, 42655 Solingen, Germany, Tel.: +49 (0) 212-380 2080, e-mail: email@example.com
▫ Information and correction
You can obtain information from us at any time and free of charge about whether personal data relating to you is being processed by us and also specifically what data is being stored about you, as well as request a copy of the stored data. You can also have incorrect data corrected and completed.
▫ Deletion, restriction and the right to be forgotten
You can request the deletion and restriction of your personal data. Please note that there are, for example, legal retention obligations for contracts against payment, such as the purchase of a subscription to Cerena, and we are therefore not allowed to delete your data completely in every case. In this case, your data will be marked with the aim of limiting its future processing.
▫ Data portability
Where applicable, you also have the right to have the personal data concerning you transferred to you or to another controller in a structured, commonly used and machine-readable format, provided that the processing is based on consent or a contract and is carried out using automated processes. However, this does not apply if the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, you have the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and insofar as this does not adversely affect the rights and freedoms of other persons.
▫ Revocation / objection
You can revoke the consent you have given at any time with effect for the future at the above contact address. Furthermore, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of a legitimate or public interest. This also applies to profiling based on these provisions. We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims.
If we process personal data for the purposes of direct marketing, you have the right to object at any time to processing of personal data for such marketing by using the contact address specified above. This also applies to profiling, insofar as it is associated with such direct advertising.
▫ Right of complaint
Furthermore, you have the right to lodge a complaint with the competent supervisory authority as well as the possibility of legal remedies. The supervisory authority to which the complaint has been submitted will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy.
▫ Existence of automated decision making
We do not use automated decision making or profiling.
Status: 04 November 2021