We, Habermaass GmbH, August-Grosch-Str. 28-38, 96476 Bad Rodach (hereinafter referred to as HABA), are responsible for processing your data pursuant to s. 4(7) of the EU General Data Protection Regulation (GDPR) when you visit our website.
If you have any questions regarding data privacy, you can reach our Data Protection Officer by post: Habermaass GmbH, Data Protection (Datenschutz) Postfach 1107, 96473 Bad Rodach, or by email: internet(at)haba.de with the subject: Data Protection (Datenschutz)
The following policy gives you an overview of how we guarantee the protection of your data under GDPR. In particular, we would like to explain to you as a visitor to our website what kind of data we collect, why we collect this data, how we use this data, and how you can at any time determine how your personal data is handled. When you contact us by post, email, or via a contact form, the data you communicate is saved by us in order to be able to respond to your questions. We delete the data collected in this context after storage is no longer necessary, or we restrict pro-cessing if legal retention requirements exist
HABA will collect and use your personal data for the processing of orders with ei-ther mandatory fields in our online shop or questions for telephone orders. The fol-lowing information is required:
Gender, name; date of birth, address, and email address.
Other information is optional. In order to be able to handle and ship your order, we share your data to the delivery service which handles shipment. We may also share your payment data with our bank. The legal basis for this is s. 6(1)(1)(b) GDPR.
You may optionally create a customer account, which we use to store your data for later purchases. When you create an account under "My Account", the information you provide is revocably stored.
HABA may also process the data you have provided in order to inform you by mail regarding other interesting products from our entire portfolio, in accordance with s. 6(1)(1)(f) GDPR, or send you emails with technical information about our webshop.
HABA also offers other services such as wish lists, birthday specials, surprise packages, etc. that you can use, if interested. For this purpose it is sometimes nec-essary to provide other personal data in order to provide your desired service. Your data must sometimes be shared with our carefully selected service providers in order to provide these services. HABA currently offers the following services:
If our service providers or partners have their headquarters in a country outside the European Economic Area (EEA), we will notify you of this circumstance in the de-scription of the offer.
If you later decide that you no longer want to use our services, you can object to the data processing at any time with future effect. To do this, send a message to internet(at)haba.de or by post to Habermaass GmbH, Data Protection (Datenschutz), Postfach 1107, 96473 Bad Rodach.
Child data - Our website is not intended for persons under the age of 16 years, and we ask that persons under 16 years of age please abstain from providing us with any personal data. Such data may only be provided by the legal guardian or with the guardian's consent. If we learn that we have unlawfully collected the per-sonal data of a child under 16 years of age, we will initiate steps for the quickest possible deletion of this data.
With your consent, you can subscribe to our newsletter, which we use to provide you with information about current interesting offers. In this context, the newsletter sent by HABA can also in part be used to advertise goods and services from our en-tire group of companies, if they correspond with your interest in our products. Our group of companies includes: Habermaass GmbH, Heldbergs GmbH & Co. KG, Project GmbH, HABA Sales GmbH & Co. KG and their brands JAKO-O, FIT-Z, Qiéro!, JAKO-O Familystore and Wehrfritz. To support email shipping, we use the services of Emarsys – emarsys eMarketing Systems AG, Marchstrasse 1, 1150 Vienna.
When you register for our newsletter, we use the so-called double opt-in method. This means that after you have registered, we send an email to the email address you have provided. In this email we ask you to confirm that you wish to receive the newsletter. For this purpose we store your IP addresses and the times of registration and confirmation. The purpose of the method is to prove your registration and, if necessary, to provide information about any possible misuse of your personal data.
The only information required to receive the newsletter is your email address. Providing any other separately marked data is optional and this data will be used to be able to personally address you. After you have confirmed, we store your email address for the purpose of sending the newsletter. The legal basis for this is s. 6(1)(1)(a) GDPR.
You can withdraw your consent to the newsletter at any time and cancel your subscription to the newsletter. You can declare your revocation by clicking on the link provided in each newsletter by sending a corresponding email to internet(at)haba.de or by post to Habermaass GmbH, Data Protection (Datenschutz), Postfach 1107, 96473 Bad Rodach.
As a customer, regardless of whether you have registered for or receive our e-mail newsletter, we will occasionally send you an e-mail to tell you about similar offers for purchases from the HABA segments that might also interest you. In addition, we allow you to submit product reviews or take part in surveys in return for postage-free shipping. You will receive this information on the basis of the statutory permission granted under Section 7(3) UWG (German Act against Unfair Competition). You can of course object at any time to receiving these messages without incurring any charges, apart than those for the transmission at the basic rates. You can object, for example, via shop(at)haba.de.
When you only use our website for informational purposes, in other words if you do not register or otherwise provide information, we collect the personal data that your browser sends to our server. This data is technically necessary for us to display our website to you and to be able to ensure stability and security, s. 6(1)(1)(f) GDPR:
Our website uses so-called cookies at several places. Cookies help to make our of-ferings more user-friendly, effective, and secure.
When you visit our website, we conduct analyses to learn, for example, what infor-mation is the most sought or the path by which you came to access our website. Our analytics tools require the determination of individual visitors to evaluate individual behaviour. Personal identification is however in principle not necessary because only statistical data is to be created. Therefore, IP addresses are typically only col-lected in shortened form, which is also required by the procedures of supervisory authorities.
The legal basis for processing this analytical data is our legitimate interest in under-standing how our customers interact with our website so that we can optimize the user experience and the functions of our website, s. 6(1)(1)(f) GDPR.
Below, some third party providers for analytical services, online advertising, and sim-ilar services, with which we currently have partnerships, are listed.
a) Creation of pseudonymous usage profiles for web analytics – Episerver Inc.
On this website, data for marketing and optimization purposes is stored using technologies by Episerver Inc., 542 Amherst Ave, Nashua, New Hampshire 03063 (https://www.episerver.de). This data allows us to specifically match our internet sites to your interests and provide you with a personalized service. This is done by analyzing your user behaviour using the products that you have already shown interest for in our shop. The analysis is carried out using cookies that are stored on your computer or mobile end device. These cookies enable us to recog-nize your browser when visiting our website again. Usage profiles are created ex-clusively using pseudonyms (email hashes) and are not combined with your personal data. If you do not wish to use our personalized website service, either de-lete the cookies stored on your device upon visiting our website, or change the settings on your web browser so that generally no cookies can be stored on your computer.
The legal basis for the processing of your data is s. 6(1)(1)(1)(f) GDPR. For more information on data processing by Episerver, please visit www.episerver.de/legal/privacy-statement/. Episerver is compliant with the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
b) "Google Analytics" and "Google Tag Manager"
Our website uses Google Analytics and Google Tag Manager, web analytics ser-vices by Google Inc. ("Google"). Google Analytics and Google Tag Manager use so-called "cookies", text files that are stored on your computer and that make it possible to analyze your use of the website. This allows us to regularly improve our website and make it more interesting. The legal basis for the use of Google Analytics is s. 6(1)(1)(1)(f) GDPR.
The information generated by the cookie about your use of our website (including your IP address) will be transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity for us as the website operator, and also to pro-vide services connected to website use and internet use. Google may also trans-fer this information to third parties if this is required by law or if third parties pro-cess this data on behalf of Google. Google will not associate your IP address with other Google data. By using this website you consent to the processing of data about you by Google in the manner and for the purposes set out above. The col-lection and storage of data can be objected to at any time with future effect.
In addition, you can also prevent the collection of data created by the cookie as-sociated with your use of the website (incl. your IP address) by Google as well as processing of this data by Google by downloading and installing (using the fol-lowing link) the browser plug-in available at the following link.
Alternatively to the browser add-on or within browsers on mobile devices, please click on this link , in order to prevent the collection of data by Google Analytics within this website in the future (the opt-out only works in the specific browser you are using and only for this domain). This stores an opt-out cookie on your device. If you delete your cookies in this browser, you must click on this link again.
Information of the third party provider: Google Dublin, Google Ireland Ltd., Gor-don House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Our website uses "social plug-ins". Currently, this is the plug-in of the Facebook service, Google+, Twitter, WhatsApp and Pinterest. You can recognize the provider of plug-ins by means of the label on the box with the first letter of its name or the logo. We provide you with the option of communicating directly with the provider of the plug-in via the button. Only if you click on the selected field and activate it, the plug-in provider receives notification that you have accessed the website with our online content. This plug-in may under certain circumstances be used to send in-formation, which may include personal data, to the service provider. This information may be used by the service provider. Our website is prevented from the undetected and undesired collection and transmission of data to the service provider by means of a "2 click solution". To activate a desired plug-in, the corresponding switch must simply be enabled. The collection of information and its transmission to the service provider is first triggered by this activation of the plug-in. Our website does not collect any personal data by means of the social plug-in or through its use.
Our website has no influence on which data is collected by an activated plug-in and how it is used by the provider.
If you do not want social networks to collect data on you via our website, you must log out of the social networks before you visit our website.
We have included the social plug-ins of the following companies on our website:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other#applications as well as www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is com-pliant with the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; www.google.com/policies/privacy/partners/. Google is compliant with EU-US-Privacy-Shield, www.privacyshield.gov/EU-US-Framework.
Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA, policy.pinterest.com/de/privacy-policy.
Integration of YouTube videos
We have integrated YouTube videos into our website that are stored at www.youtube.com and can be directly played by our website. These are all integrated in "extended data protection mode", i.e. that no data is transmitted via you as a user to YouTube if you do not play the videos. Only when you play the videos will the data listed below be transmitted. We have no influence on this data trans-mission.
By visiting the website, YouTube receives the information that you have accessed the corresponding page on our website. The data referred to in Section IV of this pol-icy is also transmitted. This is done independently of whether YouTube provides a user account that you have logged into or whether there is no user account. If you are logged into Google, your data is directly attributed to your account. If you do not wish for this attribution to be made with your
YouTube profile, you must log out prior to activating the button. YouTube stores your data as a user profile and uses it for the purposes of advertising, market research, and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide advertising that is de-mand-oriented and in order to notify other users of the social network about your activities on our website. You have the right to object to the creation of this user pro-file. To exercise this right, you must address your objection to YouTube.
Integration of Cliplister videos
We have integrated the service Cliplister-Videos (provider is the Cliplister GmbH, Schauenburgerstraße 116, 24118 Kiel) into our online offer, which are stored on www.cliplister.com and which can be downloaded directly from our website. stored and are directly playable from our website. These are all integrated in "ex-tended data protection mode", i.e. that no data is transmitted via you as a user to Cliplister if you do not play the videos. Only when you play the videos will the data listed below be transmitted. We have no influence on this data transmission.
If you access this Cliplister website or Cliplister services through a browser, application or other client software, Cliplister will automatically store and process data dur-ing the communication process. These server logs may include the following information: web request, interaction with a service, IP address (Internet Protocol ad-dress), browser type, language of the browser, date and time of the request, and one or more cookies representing the user's browser or uniquely identify the user account. After completion of the communication process, the IP address is anonymized. The anonymized data is evaluated for statistical purposes.
Für weitere Informationen lesen Sie unseren Datenschutzhinweise - Facebook Fanpage.
We do not sell the data we collect. We share the information we receive with third parties exclusively with the scope described below:
In order to avoid loss or misuse of the data we have stored, we take extensive tech-nical and operational security precautions that are regularly checked and adapted to technological progress. We use SSL (RSA 1024 Bit) as encryption and security software. This method is successfully used across the World Wide Web. You can recognize that you are browsing securely when you see a symbol (closed padlock) in your browser's lower window bar.
All of your personal data (name, address, credit card number, bank code, account number, etc) is thus encrypted and securely transmitted on the internet.
Only our HABA server can decrypt your data. During the transmission, unauthorized persons cannot read your information!
However, it is also your responsibility to protect the data you have made available by means of encryption or other measures against misuse.
We generally anonymize and/or delete your personal data as soon as it is no longer necessary for the purposes mentioned above and if no legal requirements for detec-tion and storage (e.g. according to the Commercial Code or Tax Code) require further storage.
The GDPR regulates the rights of the "data subject" in s. 15-12 GDPR. Therefore, you have at any time the right to obtain information about the data stored with re-spect to your person, its origin, and recipient, as well as the purpose of storage. In addition, you are entitled to request, under certain conditions, the deletion of your data as well as a restriction of processing, the correction of your data, and the trans-fer of your data in a common machine-readable format. This also applies to the right to obtain information about the existence of automated decision-making, including profiling according to s. 22(1) and (4) GDPR and – at least in these cases – mean-ingful information about the logic involved as well as the scope and desired effects of such processing with respect to your person.
Please direct your matter by email to internet(at)haba.de or by post to Habermaass GmbH, Data Protection (Datenschutz), Postfach 1107, 96473 Bad Rodach.
Objection or revocation of consent to the processing of your data
If you have granted consent to the processing of your data, you can revoke this con-sent at any time. Such a revocation influences the permissibility of processing your personal data after you have declared this revocation of consent to us.
If we justify the processing of your personal data on the basis of overriding interest in accordance with s. 6(1)(1)(f) GDPR, you can object to the processing of your per-sonal data. This is the case, if processing is not necessary, in particular to fulfil a contract with you. When exercising such an objection, we ask for the reasons why we should not process your personal data as we have done. If we have a reasoned objection, we review the circumstances and will either discontinue or adjust data processing or show our overriding legitimate grounds for continuing to process the data.
You can of course object at any time to the processing of your personal data for the purposes of advertising and data analysis. Please direct your matter by email to internet(at)haba.de or by post to Habermaass GmbH, Data Protection (Datenschutz), Postfach 1107, 96473 Bad Rodach.
You have the option of contacting the Data Protection Officer at the address speci-fied above or of contacting a data protection supervisory authority. The data protec-tion supervisory authority we are subject to is:
Managing Partner: Klaus Habermaass
Chief Executive Officer: Arnd Mückenberger, Tim Steffens
Listing: District court Coburg, HRB 256
Habermaass GmbH is part of the HABA Family of Companies.