Last updated: 01/15/2019
We, Habermaass GmbH, August-Grosch-Str. 28-38, 96476 Bad Rodach (hereinafter referred to as HABA), are responsible for processing your data pursuant to s. 4(7) of the EU General Data Protection Regulation (GDPR) when you visit our website.
If you have any questions regarding data privacy, you can reach our Data Protection Officer by post: Habermaass GmbH, Data Protection (Datenschutz) Postfach 1107, 96473 Bad Rodach, or by email: internet(at)haba.de with the subject: Data Protection (Datenschutz)
The following policy gives you an overview of how we guarantee the protection of your data under GDPR. In particular, we would like to explain to you as a visitor to our website what kind of data we collect, why we collect this data, how we use this data, and how you can at any time determine how your personal data is handled. When you contact us by post, email, or via a contact form, the data you communicate is saved by us in order to be able to respond to your questions. We delete the data collected in this context after storage is no longer necessary, or we restrict pro-cessing if legal retention requirements exist.
HABA will collect and use your personal data for the processing of orders with either mandatory fields in our online shop or questions for telephone orders. The following information is required:
Gender, name; date of birth, address, and email address.
Other information is optional. In order to be able to handle and ship your order, we share your data to the delivery service which handles shipment. We may also share your payment data with our bank. The legal basis for this is s. 6(1)(1)(b) GDPR.
HABA may also process the data you have provided in order to inform you by mail regarding other interesting products from our entire portfolio, in accordance with s. 6(1)(1)(f) GDPR, or send you emails with technical information about our webshop.
HABA also offers other services such as wish lists, birthday specials, surprise packages, etc. that you can use, if interested. For this purpose it is sometimes nec-essary to provide other personal data in order to provide your desired service. Your data must sometimes be shared with our carefully selected service providers in order to provide these services. HABA currently offers the following services:
If our service providers or partners have their headquarters in a country outside the European Economic Area (EEA), we will notify you of this circumstance in the description of the offer.
If you later decide that you no longer want to use our services, you can object to the data processing at any time with future effect. To do this, send a message to internet(at)haba.de or by post to Habermaass GmbH, Data Protection (Datenschutz), Postfach 1107, 96473 Bad Rodach.
Child data - Our website is not intended for persons under the age of 16 years, and we ask that persons under 16 years of age please abstain from providing us with any personal data. Such data may only be provided by the legal guardian or with the guardian's consent. If we learn that we have unlawfully collected the personal data of a child under 16 years of age, we will initiate steps for the quickest possible deletion of this data.
With your consent, you can subscribe to our newsletter, which we use to provide you with information about current interesting offers. In this context, the newsletter sent by HABA education can also in part be used to advertise goods and services from our en-tire group of companies, if they correspond with your interest in our products. Our group of companies includes: Habermaass GmbH as well as its sales division Heldbergs, Wehrfritz GmbH, Jako-o Familystore GmbH & Co. KG, Project Schul- und Objekteinrichtungen GmbH, Jako-o Möbel und Spielmittel für die junge Familie GmbH, as well as its sales divisions FIT-Z and Qiero!. To support email shipping, we use the services of flatrate Newsletter – Indoblo Commerce Limited, Am Heidberg 1, 24226 Heikendorf.
When you register for our newsletter, we use the so-called double opt-in method. This means that after you have registered, we send an email to the email address you have provided. In this email we ask you to confirm that you wish to receive the newsletter. For this purpose we store your IP addresses and the times of registration and confirmation. The purpose of the method is to prove your registration and, if necessary, to provide information about any possible misuse of your personal data.
The only information required to receive the newsletter is your email address. Providing any other separately marked data is optional and this data will be used to be able to personally address you. After you have confirmed, we store your email address for the purpose of sending the newsletter. The legal basis for this is s. 6(1)(1)(a) GDPR.
You can withdraw your consent to the newsletter at any time and cancel your subscription to the newsletter. You can declare your revocation by clicking on the link provided in each newsletter by sending a corresponding email to internet(at)haba.de or by post to Habermaass GmbH, Data Protection (Datenschutz), Postfach 1107, 96473 Bad Rodach.
When you only use our website for informational purposes, in other words if you do not register or otherwise provide information, we collect the personal data that your browser sends to our server. This data is technically necessary for us to display our website to you and to be able to ensure stability and security, s. 6(1)(1)(f) GDPR:
IP address; date and time of the request; time zone difference; content of the request; access status/HTTP status code; quantity of data transferred; website from which the request was forwarded; browser; operating system and its environment; language and version of the browser software.
Customer surveys - on our website, non-personal customer surveys are carried out from time to time to improve our products and services as well as for technical im-provement of our website. Only the data sent by your browser is transmitted to us.
In addition to the aforementioned data, cookies are stored on your end device when you use our website.
Our website uses so-called cookies at several places. Cookies help to make our offerings more user-friendly, effective, and secure.
A cookie is a small data file that we transfer to your browser when you surf on our website. A cookie can only contain information that we send to your end device itself – private data cannot be read. We have no access to your personal information, but we can identify your browser using cookies.
Most browsers automatically accept cookies. The help function in the menu bar of most web browsers explains how to prevent your browser from accepting new cookies, how to ensure that your browser notifies you when you receive a new cookie, as well as how you can disable all received cookies. If you disable cookies, certain features on our website may not be available, and some webpages may not be displayed properly. The websites youronlinechoices.com and meine-cookies.org inform you about usage-based and behaviour-based online advertising and how to avoid it.
When you visit our website, we conduct analyses to learn, for example, what information is the most sought or the path by which you came to access our website. Our analytics tools require the determination of individual visitors to evaluate individual behaviour. Personal identification is however in principle not necessary because only statistical data is to be created. Therefore, IP addresses are typically only collected in shortened form, which is also required by the procedures of supervisory authorities.
The legal basis for processing this analytical data is our legitimate interest in understanding how our customers interact with our website so that we can optimize the user experience and the functions of our website, s. 6(1)(1)(f) GDPR.
Below, some third party providers for analytical services, online advertising, and similar services, with which we currently have partnerships, are listed.
a) Creation of pseudonymous usage profiles for web analytics – Episerver Inc.
On this website, data for marketing and optimization purposes is stored using technologies by Episerver Inc., 542 Amherst Ave, Nashua, New Hampshire 03063 (https://www.episerver.de). This data allows us to specifically match our internet sites to your interests and provide you with a personalized service. This is done by analyzing your user behaviour using the products that you have already shown interest for in our shop. The analysis is carried out using cookies that are stored on your computer or mobile end device. These cookies enable us to recognize your browser when visiting our website again. Usage profiles are created exclusively using pseudonyms (email hashes) and are not combined with your personal data. If you do not wish to use our personalized website service, either delete the cookies stored on your device upon visiting our website, or change the settings on your web browser so that generally no cookies can be stored on your computer.
The legal basis for the processing of your data is s. 6(1)(1)(1)(f) GDPR. For more information on data processing by Episerver, please visit https://www.episerver.de/legal/privacy-statement/. Episerver is compliant with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) "Google Analytics" and "Google Tag Manager"
Our website uses Google Analytics and Google Tag Manager, web analytics services by Google Inc. ("Google"). Google Analytics and Google Tag Manager use so-called "cookies", text files that are stored on your computer and that make it possible to analyze your use of the website. This allows us to regularly improve our website and make it more interesting. The legal basis for the use of Google Analytics is s. 6(1)(1)(1)(f) GDPR.
The information generated by the cookie about your use of our website (including your IP address) will be transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity for us as the website operator, and also to provide services connected to website use and internet use. Google may also transfer this information to third parties if this is required by law or if third parties pro-cess this data on behalf of Google. Google will not associate your IP address with other Google data. By using this website you consent to the processing of data about you by Google in the manner and for the purposes set out above. The collection and storage of data can be objected to at any time with future effect.
In addition, you can also prevent the collection of data created by the cookie associated with your use of the website (incl. your IP address) by Google as well as processing of this data by Google by downloading and installing (using the following link) the browser plug-in available at the following link.
Alternatively to the browser add-on or within browsers on mobile devices, please click here, in order to prevent the collection of data by Google Analytics within this website in the future (the opt-out only works in the specific browser you are using and only for this domain). This stores an opt-out cookie on your device. If you delete your cookies in this browser, you must click on this checkbox again.
Information of the third party provider: Google Dublin, Google Ireland Ltd., Gor-don House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
If you access this Cliplister website or Cliplister services through a browser, application or other client software, Cliplister will automatically store and process data dur-ing the communication process. These server logs may include the following information: web request, interaction with a service, IP address (Internet Protocol ad-dress), browser type, language of the browser, date and time of the request, and one or more cookies representing the user's browser or uniquely identify the user ac-count. After completion of the communication process, the IP address is anony-mized. The anonymized data is evaluated for statistical purposes.
We do not sell the data we collect. We share the information we receive with third parties exclusively with the scope described below:
In order to avoid loss or misuse of the data we have stored, we take extensive technical and operational security precautions that are regularly checked and adapted to technological progress. We use SSL (RSA 1024 Bit) as encryption and security software. This method is successfully used across the World Wide Web. You can recognize that you are browsing securely when you see a symbol (closed padlock) in your browser's lower window bar.
All of your personal data (name, address, credit card number, bank code, account number, etc) is thus encrypted and securely transmitted on the internet.
Only our HABA server can decrypt your data. During the transmission, unauthorized persons cannot read your information!
However, it is also your responsibility to protect the data you have made available by means of encryption or other measures against misuse.
We generally anonymize and/or delete your personal data as soon as it is no longer necessary for the purposes mentioned above and if no legal requirements for detec-tion and storage (e.g. according to the Commercial Code or Tax Code) require further storage.
The GDPR regulates the rights of the "data subject" in s. 15-12 GDPR. Therefore, you have at any time the right to obtain information about the data stored with respect to your person, its origin, and recipient, as well as the purpose of storage. In addition, you are entitled to request, under certain conditions, the deletion of your data as well as a restriction of processing, the correction of your data, and the transfer of your data in a common machine-readable format. This also applies to the right to obtain information about the existence of automated decision-making, including profiling according to s. 22(1) and (4) GDPR and – at least in these cases – mean-ingful information about the logic involved as well as the scope and desired effects of such processing with respect to your person.
Please direct your matter by email to internet(at)haba.de or by post to Habermaass GmbH, Data Protection (Datenschutz), Postfach 1107, 96473 Bad Rodach.
Objection or revocation of consent to the processing of your data
If you have granted consent to the processing of your data, you can revoke this consent at any time. Such a revocation influences the permissibility of processing your personal data after you have declared this revocation of consent to us.
If we justify the processing of your personal data on the basis of overriding interest in accordance with s. 6(1)(1)(f) GDPR, you can object to the processing of your personal data. This is the case, if processing is not necessary, in particular to fulfil a contract with you. When exercising such an objection, we ask for the reasons why we should not process your personal data as we have done. If we have a reasoned objection, we review the circumstances and will either discontinue or adjust data processing or show our overriding legitimate grounds for continuing to process the data.
You can of course object at any time to the processing of your personal data for the purposes of advertising and data analysis. Please direct your matter by email to internet(at)haba.de or by post to Habermaass GmbH, Data Protection (Datenschutz), Postfach 1107, 96473 Bad Rodach.
You have the option of contacting the Data Protection Officer at the address specified above or of contacting a data protection supervisory authority. The data protection supervisory authority we are subject to is:
Data Protection Authority of Bavaria
for the Private Sector (Bayerisches Landesamt für Datenschutzaufsicht)
Phone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
If you wish to file a complaint, you can use the online complaint form of the data protection authority (available at: https://www.lda.bayern.de/de/beschwerde.html).
August-Grosch Str. 28 - 38
96476 Bad Rodach
Tel.: +49 9564 60100
Fax: +49 9564 662300
Managing Partner: Klaus Habermaass
Managing Director: Arnd Mückenberger, Tim Steffens
Entry in commercial register: Local Court (Amtsgericht) Coburg, HRB 256
Habermaass GmbH is part of the HABA family of companies.