Privacy policy

Below we inform you about the details of data protection when visiting our website.

As a rule, it is possible to use our website without providing personal data.

Insofar as personal data is collected when visiting our websites, we process this data exclusively in accordance with the German Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG).

The processing of personal data takes place exclusively in accordance with this privacy policy.

This data protection declaration applies to the use of the website at the address https://www.harzkristall-shop.de/en. For linked content from other providers, the data protection declaration stored on the linked website is authoritative.

We would like to point out that security gaps can occur in the course of data transmission via the Internet, which cannot be prevented even by the technical design of this website. Complete protection of personal data is not possible when using the Internet.

Responsible Party Art. 13 para. 1 lit. a DSGVO

Responsible for the processing of personal data in the context of the use of this website is:

Glasmanufaktur HARZKRISTALL GmbH
Im Freien Felde 5
38895 Blankenburg (Harz) OT Derenburg

Phone: +49 (0) 39453/680-0
E-mail: info@harzkristall.de

Represented by: Gerhard Bürger, Volker Putzmann

Data Protection Officer

We have appointed the following as our data protection officer:

Mr. Dipl.-Inform. Olaf Tenti
GDI Gesellschaft für Datenschutz und Informationssicherheit mbH
Körnerstraße 45

58095 Hagen (NRW)

Phone: +49 (0)2331/356832-0
E-mail: datenschutz@gdi-mbh.eu

Internet: www.gdi-mbh.eu

Web Hosting

Our website is operated on servers of

Shopify International Limited

2nd Floor, 1-2 Victoria Buildings

Haddington Road

Dublin 4, D04 XN32, Ireland

www.shopify.de

Data collected

Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address and information about the device and browser you are using.

Shopify also analyses visitor numbers, visitor sources and customer behaviour and compiles corresponding user statistics. When you make a purchase on our website, Shopify also collects your name, email address, shipping and billing addresses, payment information and other data related to the purchase (e.g. phone number, amount of sales made, etc.).

For analytics, Shopify stores cookies in your browser. For details, please see Shopify's privacy policy:
https://www.harzkristall-shop.de/en/policies/privacy-policy.

The use of Shopify is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

We have concluded an order processing agreement (AVV) with Shopify for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for you to object.

Cookies
addition to the previously mentioned data, cookies are used on your computer when you use and visit our website.

When you visit our website for the first time, you will be asked whether you agree to the use of cookies and, if so, which categories you agree to.

Cookies are small text files that are stored by your browser on your end device to save certain information. Furthermore, these cookies are used to make the use of our offer more pleasant and comfortable for you or for analytical purposes.

Most of the cookies we use are so-called "session cookies". They are used to make the services of our website technically available to you. They enable items that you have added to the shopping basket to remain stored there, even if you have called up different websites in succession. After your visit, these cookies are automatically deleted by your browser.

Other cookies remain on your computer and cause us to recognise your terminal device on your next visit (so-called persistent or permanent cookies).

The next time you visit our website with the same terminal device, the information stored in cookies is read either by our website ("first party cookie") or by another website to which the cookie belongs ("third party cookie").

These cookies are automatically deleted from your system after a preset period of time, which differs depending on the cookie.

Through the stored and returned information, the respective website recognises that you have already called up and visited it with the browser of your end device.

We use this information to optimally design and display the website according to your preferences. Only the cookie itself is identified on your terminal device.

Any further storage of personal data will only take place with your express consent or if this is absolutely necessary in order to be able to use the service offered and accessed by you accordingly.

This website uses the following types of cookies, the scope and functionality of which are explained below:

- Essential cookies: Essential cookies ensure functions without which you cannot use our websites as intended. These cookies are used exclusively by us and serve, for example, to ensure that you, as a registered user, always remain logged in when accessing various sub-pages of our website and thus do not have to re-enter your login data each time you call up a new page. The legal basis for their use is our legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.

- Functional cookies: Enable our website to save information that has already been provided and to offer you improved functions based on this information. The legal basis for the use of these cookies is your consent in accordance with Art. 6 Para. 1 lit. a DSGVO.

- Marketing or tracking cookies: These cookies are used to collect information about the websites visited by the user, to create targeted and more effective advertising for the user and to enable us to identify the interests of website visitors in order to make our website more interesting in the future.

Marketing and/or tracking cookies are only set after your active consent.

The legal basis for data processing in this case is Art. 6 para. 1 p. 1 lit. a DSGVO.

Opt-out for marketing cookies

You can also manage cookies used for online advertising through tools developed in many countries as part of self-regulatory programmes, such as the US-based https://www.aboutads.info/choices/ or the EU-based https://www.youronlinechoices.com/de/praferenzmanagement/.

You can revoke this consent to cookies at any time with effect for the future here.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, e.g. third-party cookies (cookies that are set by a third party, i.e. not by the actual website you are currently visiting), exclude the acceptance of cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser. You can delete stored cookies at any time using your web browser.

You have the option to generally deactivate cookies in your browser at any time.

However, the functionality of this website may be limited if cookies are deactivated.

Delete Cookies

Cookies are stored on your terminal device until you delete these cookies, which is possible at any time. Furthermore, expired cookies are automatically deleted by your browser if you have set up your browser accordingly. Expired cookies are no longer sent to our servers by your browser and can therefore no longer be used by us.

Here you will find information on how to delete cookies from your browser and manage cookie settings for the most popular browsers:

Desktop PC / Laptop

Mobile devices

- Google Chrome (Android)

- Google Chrome (iOS)

- Apple Safari (iOS)

- Samsung Internet (Android)

- Mozilla Firefox (Android)

If you have not made or do not make any deviating settings, cookies that enable or are intended to ensure the required technical functions remain on your end device until you close the browser; other cookies may remain on your end device for longer (maximum 6 months).

To safeguard your privacy, you should regularly check the cookies on your respective end device as well as your browsing history and delete them on your own.

SSL encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties (end-to-end encryption). The protocols authenticate the communication partner and ensure the integrity of the transported data.

Voucher order

We process your data in the context of ordering a voucher.

The data processed includes inventory data, communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. The processing is carried out for the purpose of providing the contractual service in the context of voucher ordering, billing, delivery and customer services. In this context, we use session cookies to store the contents of the shopping cart.

The processing is carried out on the basis of Art. 6 para. 1 p. 1 lit. b (execution of order transactions) and c (legally required archiving) DSGVO. In this context, the information marked as required is necessary for the justification and fulfilment of the contract. We disclose the data to third parties only within the scope of delivery, payment or within the scope of legal permissions and obligations towards legal advisors and authorities. The data is only processed in third countries if this is necessary for the fulfilment of the contract (e.g. at the customer's request for delivery or payment).

As part of the ordering process, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorised use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 S. 1 lit. c DSGVO.

The deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of keeping the data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).

Payment Services

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, email address, payment amount, account
details, credit card number) are processed by the payment service provider for the purpose of processing the payment. The respective contractual and data protection provisions of the respective providers apply to these transactions. The payment service providers are used on the basis of Art. 6 Para. 1 lit. b DSGVO (contract processing) as well as in the interest of a smooth, convenient and secure payment process (Art. 6 Para. 1 lit. f DSGVO). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a DSGVO is the legal basis for data processing; consents can be revoked at any time for the future.
We use the following payment services / payment service providers within the scope of this website:

PayPal
Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

For details, please refer to PayPal's privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Shopify Payment The
provider of this payment service in the EU is Shopify International Limited, 2nd Floor Victoria
Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shopify Payment"). For
details, please refer to Shopify Payment
's privacy policy:
https://www.shopify.de/legal/datenschutz.

Facebook Pixel / Facebook Custom Audience

We use the visitor access statistics (remarketing function) "Custom Audiences" of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"), also known as Facebook Pixel.

With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Facebook (so-called "Custom Audiences").

Furthermore, with the help of the Facebook pixel, we want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. This allows us to further evaluate the effectiveness of the Facebook ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

The data collected is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). The data may enable Facebook and its partners to serve advertisements on and off Facebook.

The legal basis for the use of Facebook Pixel is your consent pursuant to Art. 6 (1) a) DSGVO, insofar as you give us your consent to this when you first access the page. You can revoke this consent to the cookies at any time with effect for the future.

The information generated by Facebook is usually transmitted to a Facebook server and stored there; this may also involve transmission to the servers of Facebook Inc. in the USA.

If the function is activated, a direct connection to a Facebook server is established when you visit this website. This transmits to the Facebook server which of our web pages you have visited. Facebook assigns this information to your personal Facebook user account.

If you do not want Facebook to assign the collected information directly to your Facebook user account, you can deactivate the "Custom Audiences" remarketing function. To do this, you must be logged in to Facebook.

Use of Google Analytics 4

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data is assigned to the respective end device of the user. There is no assignment to a user ID. Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to supplement the data records collected and employs engine learning technologies in the data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.

Data stored by Google at user and event level that are linked to cookies, user identifiers (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymised or deleted after 14 months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de .

You can find more information on how Google Analytics handles user data in
Google's privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de .

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Use of Google Maps

On this website, we use the "Google Maps" service, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your registered office or place of residence in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Maps is integrated on the website via the Google API in order to visualise location information and display it in the form of a map. The files required for this purpose are requested via the Google domains maps.googleapis.com, fonts.googleapis.com and/or fonts.gstatic.com.

Gstatic is a domain used by Google to load static content into another domain name to reduce bandwidth usage and increase network performance for the end user.

The processing of the IP address by Google Maps is technically necessary for the display of the map. With regard to the other web services integrated by means of Google Apis, the regulations in the respective section of this data protection declaration for Google Apis apply.

By visiting the website, Google receives the information that you have accessed the corresponding sub-page of our website. In addition

the IP address,
Date and time of the request,
Time zone difference from Greenwich Mean Time (GMT),
Content of the request (concrete page),
Access status/HTTP status code,
the amount of data transferred,
the website from which the request comes (so-called referrer),
Type and version of the browser used together with the language version used as well as
Type and version of operating system and interface used

transmitted. This information (including your IP address) is transmitted by your browser directly to a Google server in the USA and stored there.

The transmission takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish your data to be associated with your Google profile, you must log out of your Google profile before using our website. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website in line with requirements. Such an evaluation is carried out in particular (also for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

You can prevent the collection and forwarding of personal data to Google (in particular your IP address) and the processing of this data by Google by deactivating the execution of script code in your browser, installing a script blocker in your browser or activating the "Do Not Track" setting of your browser. Google's security and privacy policy can be found at https://policies.google.com/privacy.

For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the provider's privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy.

We have concluded a joint processing agreement with Google with regard to Google Maps. You can find the content at https://privacy.google.com/intl/de/businesses/mapscontrollerterms/.

The data transfer to the USA is based on your consent in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO.

You can revoke your consent to data processing at any time with effect for the future. To do so, delete the cookies in your browser or use the link to manage your consents, which you will find in this privacy policy in the section on "Cookies". The revocation of consent does not affect the lawfulness of the data processing that took place until the revocation.

Google Fonts (If only loaded by Google Maps)

By integrating "Google Maps" and/or "Youtube" videos and/or Google reCAPTCHA, "Google Fonts" are loaded, offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your registered office or place of residence in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

We have no influence on this.

The files required for this purpose are requested via the Google domains fonts.googleapis.com and/or fonts.gstatic.com.

Gstatic is a domain used by Google to load static content into another domain name to reduce bandwidth usage and increase network performance for the end user.

By visiting the website, Google receives the information that you have accessed the corresponding sub-page of our website. In addition

the IP address,
Date and time of the request,
Time zone difference from Greenwich Mean Time (GMT),
Content of the request (concrete page),
Access status/HTTP status code,
the amount of data transferred,
the website from which the request comes (so-called referrer),
Type and version of the browser used together with the language version used as well as
Type and version of operating system and interface used

transmitted. This information (including your IP address) is sent directly from your browser to a Google server. According to Google, it does not store this information and only uses it to deliver the requested fonts and to detect and, if necessary, prevent attacks on its IT system.

If you have given your consent for us to use Google Fonts, the legal basis for data processing is this consent (Art. 6 para. 1 p. 1 lit. a in conjunction with Art. 49 para. 1 lit. a DSGVO).

We use Google Web Fonts to optimise our website and present it in an appealing way.

Google processes personal data in the USA, among other places.

Google Web Fonts (local)

This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Your rights and assertion of rights

You are entitled to the rights listed below. You can assert these against us. To assert your rights, please use the above-mentioned data or contact us by e-mail at info@harzkristall.de.

Information:

In accordance with Art. 15 DSGVO, you have the right to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

Correction:

Pursuant to Art. 16 DSGVO, you have the right to request the correction of inaccurate or incomplete personal data stored by us without delay;

Deletion:

In accordance with Art. 17 DSGVO, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;

Restriction of processing:

In accordance with Art. 18 DSGVO, you have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims, or you have objected to the processing in accordance with Art. 21 DSGVO;

Data portability:

In accordance with Art. 20 DSGVO, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;

Withdrawal of your consent:

In accordance with Art. 7 (3) DSGVO, you have the right to revoke your consent at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future.

Please address your revocation to the above data or by e-mail to: info@harzkristall.de

Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) sentence 1 lit. e or f DSGVO; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for the conclusion or performance of a contract between you and the controller, is permitted by Union or Member State law to which the controller is subject, and that law contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or is made with your explicit consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9(1) DSGVO, unless Art. 9(2)(a) or (g) DSGVO applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

Complain to a supervisory authority:

In accordance with Art. 77 DSGVO, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

Status of the privacy policy

The constant development of the Internet makes it necessary to make adjustments to our privacy policy from time to time. We reserve the right to make corresponding changes at any time.

Status: March 2023

Cart0 items

Privacy policy