1. Controller, scope of application
1.1 We, MITO Handels- und Vertriebsgesellschaft mbH, Rosenthaler Str. 36, D-10178 Berlin, are the controller within the meaning of the General Data Protection Regulation (“GDPR”) and the national data protection laws of the Member States as well as other data protection regulations. We take data protection seriously.
1.2 This data protection declaration applies to this website including all subpages and subdomains.
2. Meaning of the individual terms in this data protection declaration
|Natural or legal person, public authority, agency or other body which processes personal data on our behalf.|
|Cookie||Text file that is temporarily ("session cookie") or permanently ("persistent cookie") stored on your end device and through which we ("own cookies") or other recipients ("third-party cookies") receive certain information. This text file cannot run programs or transmit viruses to your computer.|
|Third party||Natural or legal person, public authority, agency or body other than you, us, the processor and persons who, under the direct responsibility of us or the processor, are authorized to process the personal data.|
|Third country||A country outside the European Union.|
|Recipient||A natural or legal person, public authority, agency or another body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.|
|Voluntary information||Personal data that we request from you, which is not mandatory information but facilitates the processing.|
|Contact and request data||Personal data that you provide when using the contact form, when contacting us by e-mail, or when otherwise making contact or making an enquiry outside of a contract.|
|Customer account data||Personal data that you enter when creating a customer account to simplify future contract processing.|
|Log file||File stored on our web server, in which browser data are logged.|
|Usage data||Personal data about your use of our website, which is collected when using the website, in particular automatically as browser data and through cookies.|
|Personal data||Any information relating to you as an identified or identifiable natural person.|
|Mandatory information||Personal data which we request from you and which is absolutely necessary to fulfil the purposes of processing. Mandatory information is separately marked during data collection.|
|Plugin provider||Provider of social plugins.|
|Profiling||Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.|
|Social plugins||Functions provided by social networks and microblogging services such as Facebook or Instagram, which we have integrated into our own website (e.g. "Like" button on Facebook) so that you can communicate directly with the relevant social networks.|
Personal data that you provide, in particular during the order process, in order to establish, develop, change or terminate the contractual relationship with us.
3. General information on the handling of personal data
3.1 We only use your personal data to enable you to use our services.
3.2 Insofar as we obtain your consent for the processing of personal data, Art. 6 para. 1 lit. a) GDPR serves as the legal basis for the processing of personal data.
3.3 In the processing of personal data required for the performance of a contract to which you are a party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to take steps prior to entering into a contract.
3.4 Insofar as the processing of personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.
3.5 In the event that your vital interests or those of another natural person make processing of personal data necessary, Art. 6 para. 1 lit. d) GDPR serves as the legal basis.
3.6 If the processing is necessary to protect a legitimate interest of us or a third party and if the interests, fundamental rights and freedoms of you do not override the former interest, Art. 6 para. 1 letter f) GDPR serves as the legal basis for the processing.
3.7 Personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
3.8 If we pass on your data to recipients for individual functions and services, we will inform you in detail about the respective processes below. We have carefully selected and commissioned our processors, they are bound by our instructions and are regularly inspected. The processors will not pass this data on to third parties, but will delete it after contract fulfilment and the expiration of legal storage periods, unless you have consented to further storage. If the recipients are located in a third country, we will inform you of the consequences of this circumstance in the description of the respective data processing. As an exception, your personal data will also be passed on to other third parties if we are legally obliged to surrender this personal data, but we will inform you of this without delay.
3.9 Our employees are bound to secrecy regarding personal data.
4. Your rights
4.1 You may revoke your consent to the use of your personal data in whole or in part at any time with future effect.
4.2 In the case of processing personal data to perform tasks in the public interest (Art. 6 para. 1 sentence 1 lit. e) GDPR) or for the purposes of legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR), you can object to the processing of personal data concerning you at any time with effect for the future. In the event of an objection, we shall refrain from any further processing of your data for the aforementioned purposes, unless,
- there are compelling legitimate grounds for processing which override your interests, rights and freedoms, or
- the processing is necessary for the establishment, exercise or defence of legal claims.
4.3 You shall have the right to object to the processing of your data for the purpose of direct marketing at any time with effect for the future; this also applies to profiling to the extent that it is related to such direct marketing. In the event of objection, we must refrain from any further processing of your data for the purpose of direct marketing.
4.4 You also shall have the right to lodge a complaint with a to a data protection supervisory authority about data protection issues.
4.5 In addition, you have the following rights with regard to your personal data:
- Right of access,
- Right to rectification or erasure,
- Right to restriction of processing,
- Right to data portability.
5. Browser data
5.1 We collect browser data every time you visit our website. We do not link the browser data with your other personal data.
5.2 We use the browser data to display our website to you and to ensure the stability and security of our website. In particular, we need the browser data in order to detect and eliminate or avert malfunctions and attacks. The legal basis for the use of browser data can be found in Section 3.6.
5.3 We have commissioned Telekom Deutschland GmbH, Landgrabenweg 151, D-53227 Bonn, Germany, to operate our web servers and the associated processing of browser data. The technical administration of our web servers and the website is carried out on our behalf by initOS GmbH, An der Eisenbahn 1, 21224 Rosengarten, as processor, who also comes into contact with your browser data as part of the administrative work. Browser data is also passed on to Google Inc. as part of the use of Google Analytics (Section 10) and to Facebook Inc. and Instagram LLC. in the event that the relevant social plugin (Section 11) is activated. A passing on of the browser data to other recipients and in particular third parties does not take place. However, if investigative measures are initiated due to an attack on our information technology systems, the browser data may be passed on to government investigative bodies. The same applies if appropriate authorities or courts make enquiries to us and we are obliged to do so. A transfer of your browser data to a third country or an international organization is not planned.
5.4 The browser data including the IP address, if applicable, are stored in a log file. The log file will be deleted after 30 days.
6. Contract data
6.1 We process your contract data, which may be both mandatory and voluntary information, to establish, implement and change the contractual relationship on the basis of the legal basis mentioned in Section 3.3.
6.2 In addition, we may process your contract data in order to inform you by direct marketing about other products from our portfolio that are suitable for you. Without your consent we will of course only do this in letter form. The relevant legal basis for this is given in Section 3.6. You can object to the processing of your contract data for direct marketing purposes at any time (Section 4.3).
6.3 Your contract data will only be passed on for the purpose of fulfilling the contract. The recipients of such data are Telekom Deutschland GmbH, Landgrabenweg 151, D-53227 Bonn, as our web host and, as part of their technical administration activities, initOS GmbH, An der Eisenbahn 1, 21224 Rosengarten and our shipping service provider DHL Paket GmbH, Ernst-Thälmann-Straße 10, 15562 Rüdersdorf. The contract data will not be passed on to other recipients and in particular third parties. A transfer of your contract data to a third country or an international organisation is not planned.
6.4 Your contract data will be stored for the duration of the fulfilment of the contract and will be deleted immediately, unless further processing, in particular storage, is required by law, storage is required for reasons of evidence (e.g. to assert claims or to defend against possible claims for damages) or express permission has been obtained from you or in the form of a statutory authorisation.
7. Customer account data
7.1 You have the option of creating a customer account where your data is stored for further contract conclusions at a later date. The creation of a customer account is voluntary. The relevant legal basis for this is given in Section 3.3.
7.2 We have commissioned Telekom Deutschland GmbH, Landgrabenweg 151, D-53227 Bonn, Germany, to operate our web servers and the associated processing of customer account data. The technical administration of our web servers and the website is carried out on our behalf by initOS GmbH, An der Eisenbahn 1, 21224 Rosengarten, as processor, who also comes into contact with your customer account data as part of the administrative work. The customer account data will not be passed on to other recipients and in particular third parties. Also a transfer of your customer account data to a third country or an international organization is not planned.
7.3 Your customer account data will be stored revocably. The customer account can be deleted in the customer area at any time. Further storage after deletion of the customer account only takes place if statutory regulations require further processing, in particular storage, storage is required for reasons of evidence (e.g. to assert claims or to defend against possible claims for damages) or if express permission has been obtained from you or in the form of a statutory authorisation.
8. Contact and request data
8.1 We process your contact and request data, which may be both mandatory and voluntary information (e.g. to address you personally and to better clarify queries), in order to answer your enquiries on the basis of the legal basis mentioned in Section 3.3.
8.2 We have commissioned Telekom Deutschland GmbH, Landgrabenweg 151, D-53227 Bonn as processor to operate our web servers and process the associated contact and request data. The technical administration of our web servers and the website is carried out by initOS GmbH, An der Eisenbahn 1, 21224 Rosengarten, on our behalf processor, who also comes into contact with your contact and request data within the scope of administrative activities. A passing on of the contact and request data to other recipients and in particular third parties does not take place. A transfer of your contact and request data to a third country or an international organisation is not planned either.
8.3 Your contact and request data will be deleted immediately after complete processing of your inquiry, unless statutory provisions require further processing, in particular storage, storage is required for reasons of evidence (e.g. to assert claims or to defend against possible claims for damages) or express permission has been obtained from you or in the form of a statutory authorisation.
9. Our own cookies
9.1 We use our own cookies. Our own cookies serve to make our website more user-friendly and effective. They do not contain any personal information about you, but only a key figure that has no significance outside our services. In particular, we use so-called session cookies. These store a so-called "session ID" with which various requests of your browser can be assigned to the common session. This means that when you visit our website, your end device can still be identified when you switch from one page to another and the end of your visit can be determined. We also use permanent cookies. This allows your browser to be recognized the next time you return to our website.
9.2 We use session cookies so that you can use our offers smoothly. We use permanent cookies in order to identify you for subsequent visits and to enable you to use our services smoothly. Otherwise you will have to log in again for each visit. The legal basis for the use of own cookies results from Section 3.6.
9.3 Your usage data collected by our own cookies will not be passed on. A transfer of your usage data to a third country or an international organization is not planned.
9.4 Session cookies are automatically deleted when you log out or close your browser. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
9.5 You can delete cookies at any time in the security settings of your browser. You can configure your browser settings according to your wishes and reject certain cookies or all cookies altogether. Please note that if you refuse to accept our own cookies, you may not be able to use all the functions of our website.
10. Use of Google Analytics
10.1 We use Google Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Inc. uses third party cookies. Google Inc. uses the information generated by the third party cookie to evaluate your use of the website, to compile reports on the activities of the website for us and to provide us with further services connected with the use of the website and the Internet. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
10.2 We use Google Analytics to analyse and improve our website. In this way, we are pursuing the interest of improving our offer and making it more interesting for you as a user. The legal basis for the use of Google Analytics can be found in Section 3.6.
10.5 Our website also uses the "Universal Analytics" extension to analyze user behavior across devices. This provides us with information about the use of our offers on various devices (e.g. PC, smartphone or tablet) by a user. This is done by using a pseudonymized user ID that does not contain any personal data and does not transmit such data to Google Inc. The data collection and storage can be contradicted at any time with effect for the future through a browser plug-in from Google Inc. (https://tools.google.com/dlpage/gaoptout?hl=en) . You must run this browser plug-in on all browsers and devices you use. Further information on Universal Analytics can be found here: https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=6010376.
11. Social plugins from Facebook and Instagram
11.1 We use social plugins from Facebook and Instagram on this website. The social plugins are offered by the plugin providers Facebook Inc. and Instagram LLC. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the plugin providers. You can recognize the plugin provider by the mark on the box above its initial letter or the logo. We offer you the possibility to communicate directly with the plugin provider via the button. Only if you click on the marked field and thereby activate it, the plugin provider receives the information that you have called the corresponding website of our online offer. In the case of Facebook, according to Facebook Inc. in Germany, the IP address is anonymized immediately after collection. By activating the social plugin, personal data will be transferred from you to the plugin provider and stored there (for US providers in the USA). Since the plugin provider collects data particularly via cookies, we recommend that you delete all cookies before clicking on the respective social plugin via the security settings of your browser. We have no influence on the data collected and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the data collected by the respective plugin provider. The plugin provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for not logged in users) for the representation of demand-fair advertisement and in order to inform other users of the social network about your activities on our website. The data transfer is independent of whether you have an account with the plugin provider and are logged in there. If you are logged in with the plugin provider, your data collected with us will be directly assigned to your existing account with the plugin provider. If you click the activated button and, for example, link the page, the plugin provider will also save this information in your user account and communicate it to your contacts publicly. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plugin provider.
11.2 Through the social Plugins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the social plugins can be found in Section 3.6.
11.3 Facebook is an offer of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA. An overview of Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins
Instagram is an offer of Instagram LLC, 1601 Wilow Road, Menlo Park, CA 94025, USA. The plugins are marked with an Instagram logo, e.g. in the form of an "Instagram camera". An overview of Instagram plugins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges
Further information on the purpose and scope of data collection and its processing by the respective plug-in provider can be found in the following data protection declarations. They will also provide you with further information about your rights in this regard and setting options to protect your privacy:
Facebook: http://www.facebook.com/policy.php - further information on data collection: www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook Inc. has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Instagram: https://help.instagram.com/155833707900388. Instagram LLC. has not yet submitted to the EU-US Privacy Shield.
11.4 You have the right to object to the creation of these user profiles, whereby you must contact the respective plugin provider to exercise this right. You can also completely prevent the loading of social plugins with add-ons for your browser, e.g. with the script blocker "NoScript".
12. Data security
All information that you transmit to us is stored on servers within the Federal Republic of Germany. We point out that the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of the data transmitted to our website via the Internet. All data on our servers is protected against loss, destruction, access, modification or distribution by unauthorized persons by technical and organizational measures (e.g. security systems connected in series). Our employees and system service providers regularly check the effectiveness of the protection. We use TLS encryption (Transport Layer Security) for communication between your end device and our servers.
13. Availability of the data protection provisions
You can access and print out this data protection policy from any page of our website under the heading "Data protection".