Privacy Notice

(Version: 5/2/2018)

I. Name and Address of the Controller

The responsible party for data processing (“controller”) under the General Data Protection Regulation (GDPR), the national data protection laws of the Member States of the European Union, and other data protection laws and regulations is:

LOBA GmbH & Co. KG
Managing Partner Michael Fischer
Leonberger Strasse 56–62
D-71254 Ditzingen
Commercial Register, District Court of Stuttgart, HRB203642
VAT ID: DE146020279
 

II. Name and Address of the Data Protection Officer

Data Protection Officer
DSB Matthias Hoher
LOBA GmbH & Co. KG
Leonberger Strasse 56–62
D-71254 Ditzingen
Phone: +49 (0) 7156 357122
E-Mail: dsb@loba.de
 

III. General Information on Data Processing

  1. Scope of processing of personal data

    In principle, we collect and process the data of visitors to our website only to the extent required to ensure the proper functioning of our website and its content and services. Processing of our users' personal data takes place regularly and only with the user's consent. An exception applies in such cases where prior consent cannot be obtained due to factual reasons, and processing the data is permitted by law.

     
  2. Legal basis for processing personal data

    Insofar as we obtain the consent of the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing. For the personal data processing in order to execute a contract in which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing steps required to implement pre-contractual measures. Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis. If the vital interests of the data subject or another natural person necessitates the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party, and if the interests, fundamental rights and basic freedoms of the data subject do not outweigh the aforementioned legitimate interest, Article 6(1)(f) GDPR serves as the legal basis for processing.
 
     
  3. Data deletion and storage duration

    The personal data of the data subject will in each case be deleted or blocked as soon as the purpose of data storage no longer applies. Data may be stored for a longer period of time if this has been stipulated by the European legislature or national legislatures in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations, laws, etc. expires, unless there is a need for further storage of the data in order to conclude or fulfill the terms of a contract.

IV. Provision of the Website and Creation of Log Files

  1. Description and scope of data processing
    Every time you visit our website, our system automatically collects data and information from the system of the computer accessing the website.
    The following data is collected:

    (1) Information about the browser type and browser version used
    (2) The user's operating system
    (3) The user’s IP address
    (4) Date and time of access
    (5) Websites from which the user's system reaches our website
    (6) Websites accessed by the user's system via our website

    This data is also stored in our system’s log files. However, the data is not stored together with the user's other personal data.
     
  2. Legal basis for data processing
    The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.
     
  3. Purpose of data processing
    Temporary storage of the IP address by our system is necessary in order to enable the system to send our website to the user's computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

    Storage in log files occurs in order to ensure that the website functions properly. The data we collect also helps us optimize the website and maintain IT system security. An analysis of the data for marketing purposes does not take place in this context.

    These purposes also correspond to our legitimate interest in data processing pursuant to Article 6 (1)(f) GDPR.
     
  4. Duration of storage
    Data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. Such data that is collected in order to ensure the provision of the website is deleted when the respective session has ended.

    In the case of data stored in log files, deletion occurs after seven days at the latest. Storage beyond this period is possible. In this case, the user’s IP addresses are deleted or distorted so that they can no longer be associated with the visiting client.
     
  5. Objection and removal option
    The collection of data in order to ensure the provision of the website and the storage of data in log files are essential to operating the website. As a result, users do not have an option to object to such data collection.

V. Use of Cookies

a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored in their operating system. This cookie contains a distinguishing character string that allows the browser to be clearly identified when the website is visited again.

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identified even after a page change.

The following data is saved and transmitted in the cookies:

(1) Language settings (applies only to our Web store)
(2) Items in a shopping cart (applies only to our Web store)
(3) Login information (applies only to our Web store)

Our website also uses cookies that enable an analysis of users’ surfing behavior. The following data may be transmitted as a result:

The following data may be transmitted as a result:

(1) Search terms entered
(2) Frequency with which pages are viewed
(3) Website functions used

The user data collected in this way is pseudonymized by technical means. Once this is done, it is no longer possible to associate the data with the accessing user. The data is not stored together with other personal user data.

When our website is accessed, an information banner informs visitors of the use of cookies for analysis purposes, and reference is also made to this Privacy Notice. In this regard, information is also provided about how the storage of cookies can be prevented by changing certain browser settings.

b) Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Article 6(1)(f) GDPR. In the event that a user gives their consent for the processing of personal data using analytical cookies, the legal basis for such processing is Article 6(1)(a) GDPR.

c) Purpose of data processing
The purpose of using technically required cookies is to simplify the use of website for users. Some functions of our website cannot be offered without using cookies. Such cookies require the accessing browser to be identified even after a page change.

We need cookies for the following applications:

(1) Language settings (applies only to our Web store)
(2) Items in a shopping cart (applies only to our Web store)
(3) Login information (applies only to our Web store)

The user data collected by technically necessary cookies is not used to create user profiles.
Analytical cookies are used to improve the quality of our website and its content. Analytical cookies enable us to find out how our website is used and therefore make it possible for us to continuously optimize our website, our products, and our services.

These purposes also correspond to our legitimate interest in the processing of personal data pursuant to Article 6 (1)(f) GDPR.

e) Duration of storage and objection and removal option
Cookies are installed on the user’s computer, which transmits them to our website. You as a user therefore have complete control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Web browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If you deactivate the use of cookies for our website, it may not be possible for you to use all of the website’s functions in full.

Google Analytics

This website uses Google Analytics, a web analytics service from Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files that are saved on users’ computers and enable the analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the United States and stored there.

However, if a user enables the IP anonymization option on this website, their IP address will be truncated by Google beforehand within Member States of the European Union or other states that are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and then shortened there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to analyze how this website is used, compile reports on website activities, and provide the website operator with additional services associated with website use and Internet use.

The IP address transmitted by your browser within the context of Google Analytics is not merged with other Google data. You can prevent storage of cookies by selecting the corresponding setting in your browser software; however, we would point out that if you do so, you may not be able to use all of the website’s functions in full. You can also prevent Google from collecting the data relating to your use of the website (including your IP address) that is generated by the cookie, and prevent Google from processing this data, by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser add-on, or within browsers on mobile devices, please click on this link to prevent data collection by Google Analytics on this website in the future. When you do so, an opt-out cookie will be installed on your device. If you delete your cookies, you will need to click on this link again.

VI. Newsletter

  1. Description and scope of data processing

    Our website offers you an option to subscribe to a free newsletter. When you register for the newsletter, the data entered into the registration form is transmitted to us.

    (1) Salutation
    (2) First name
    (3) Last name
    (4) E-mail address

    The following data is also collected when you register for the newsletter:

    (1) Date and time of registration
    During the registration process, your consent will be obtained for the processing of the data, and reference will be made to this Privacy Notice.

    If you purchase merchandise or procure services at our website and provide your e-mail address, we may use this address to send you a newsletter. In this case, the newsletter will only be used for the direct marketing of similar products or services.

    No data is disclosed to third parties during the data processing required for delivering newsletters. The data is used solely for sending the newsletter.
     
  2. Legal basis for data processing
    The legal basis for sending the newsletter after the purchase of merchandise or the procurement of services is Section 7(3) of the Act Against Unfair Competition (UWG).
     
  3. Purpose of data processing
    The user’s e-mail address is collected for the purpose of delivering the newsletter.
     
  4. Duration of storage
    Data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. The e-mail address of the user is therefore stored for as long as the newsletter subscription remains active.
     
  5. Objection and removal option
    The user can cancel the subscription to the newsletter at any time. Every newsletter contains a corresponding link for this purpose.

VII. Contact Form and E-Mail Contact

  1. Description and scope of data processing
    Our website includes a contact form that can be used to contact us online. If you use this form, the data you enter is sent to us and stored. This data is: At the time a message is sent, the following data is also stored: 
    1. Company name
    2. Salutation
    3. First name
    4. Last name
    5. Street
    6. Zip code
    7. City
    8. Country
    9. Telephone number
    10. Fax number
    11. E-mail
    12. Subject
    13. Your message


During the sending process, your consent will be obtained for the processing of the data, and reference will be made to this Privacy Notice.

Alternatively, you can contact us via the e-mail address provided. In this case, the personal data that is transmitted together with the e-mail will be stored.

There is no disclosure of data to third parties here. The data is used solely for processing the conversation.
 

  1. Legal basis for data processing
    In the event that a user gives their consent for the processing of their data, the legal basis for such processing is Article 6(1)(a) GDPR.

    The legal basis for processing data in the course of sending an e-mail is Article 6(1)(f) GDPR. If the aim of the e-mail contact is to conclude a contract, then Article 6(1)(b) GDPR also serves as the legal basis for processing.
     
  2. Purpose of data processing
    Processing of personal data from the contact form occurs solely to enable us to process the contact request. In the case of contact via e-mail, we also have a legitimate interest in processing the personal data.
    Processing of other personal data during the sending process is intended to prevent improper use of the contact form and ensure the security of our IT systems.
     
  3. Duration of storage
    Data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. Personal data entered into the contact form and data sent via e-mail will also be deleted when the conversation with the user in question has ended. A conversation is considered to have ended if it can be inferred from current circumstances that the subject of the conversation has been definitively clarified.

    The additional personal data collected as part of the sending process will be deleted after seven days at the latest.
     
  4. Objection and removal option
    The user may withdraw their consent to the processing of their personal data at any time. If the user contacts us via e-mail, they can object to the storage of their personal data at any time. In such cases, it will no longer be possible to continue the conversation, and all personal data that was stored when contact was established will be deleted.

VIII. Rights of the Data Subject

The following list of rights shows all the rights possessed by the data subject pursuant to the GDPR. Rights that are not relevant to the use of this website do not need to be included on this list. The list can thus be shortened.
Whenever your personal data is processed, you are considered a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the data controller in question:

  1. Right of Access
    You have the right to obtain confirmation from the controller as to whether or not personal data concerning you is being processed by us.
    Where this is the case, you have the right to obtain the following information from the controller on:

    (1) The purposes of personal data processing.
    (2) The categories of personal data concerned.
    (3) The recipients or categories of recipients to whom the personal data have been or will be disclosed.
    (4) The envisaged period for which the personal data will be stored, or, if no specific information can be given, the criteria that will be used to determine that period.
    (5) The existence of a right to rectification or erasure of your personal data or the right to request from the controller to restrict the processing of personal data concerning you, or to object to such processing.
    (6) The existence of a right to lodge a complaint with a supervisory authority.
    (7) All available information as to the source of personal data if the personal data has not been collected from you.
    (8) The existence of automated decision-making, including profiling, as described in Article 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you as the data subject.

    You have the right to obtain information as to whether personal data relating to you has been or will be transferred to a third country or to an international organization. In this context, you can request to be informed of appropriate safeguards in accordance with Article 46 GDPR in connection with such data transfers.
     
  2. Right to rectification
    You have the right to obtain from the controller the rectification and/or completion of incorrect or incomplete personal data concerning you. The controller must make the corrections without delay.
     
  3. Right to restriction of processing
    You have the right to obtain restriction of processing from the controller, where one of the following applies:

    (1) You contest the accuracy of the personal data relating to you for a period that enables the data controller to verify the accuracy of the personal data.
    (2) The processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of its use.
    (3) The controller no longer needs the personal data for the purposes of the processing, but you need the data for the establishment, exercise, or defense of legal claims.
    (4) You have objected to processing pursuant to Article 21(1) and it has not yet been determined whether the controller’s legitimate reasons for processing outweigh your reasons for requesting the restriction of processing.

    If the processing of personal data relating to you has been restricted, such data may – with the exception of storage – only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
    If the processing restriction itself is limited due to the existence of one of the aforementioned conditions, you will be informed by the controller before the restriction of processing is lifted.
     
  4. Right to erasure
    a) Obligation to delete
    You have the right to request the controller to erase the personal data concerning you without undue delay and the controller will be obligated to erase this data without undue delay if one of the following applies:

    (1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
    (2) You withdraw consent on which processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for the processing.
    (3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
    (4) The personal data concerning you has been unlawfully processed.
    (5) The personal data concerning you must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject.
    (6) The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
     

 

b) Information to third parties
If the controller has made personal data concerning you public and is obligated to erase this data pursuant to Article 17(1) GDPR, the controller shall take reasonable steps, including technical measures and taking into account available technology and the cost of implementation, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.

c) Exceptions
The right to erasure does not apply if processing is necessary:
(1) To exercise the right of freedom of expression and information.
(2) To comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller.
(3) For reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) GDPR.
(4) For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) GDPR in so far as the right which is referred to in point a) above is likely to render impossible or seriously impair the achievement of the objectives of that processing.
(5) To establish, exercise, or defend legal claims.
 

  1. Right to notification
    If you have exercised your right to have the data controller rectify, erase, or restrict processing, the controller is obligated to communicate any rectification or erasure of personal data, or restriction of processing, to each recipient to whom the personal data relating to you has been disclosed, unless this proves impossible or involves disproportionate effort.
    You have the right to obtain information from the controller about those recipients.
     
  2. Right to data portability
    You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, in such cases where:
    (1) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR or based on a contract pursuant to Article 6(1)(b) GDPR, and
    (2) processing is carried out by automated means.
    In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, to the extent that this is technically feasible. Exercising this right must not adversely affect the rights and freedoms of others.
    The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
     
  3. Right to object
    You have the right to object at any time on grounds relating to your particular situation to the processing of personal data concerning you which is based on Article 6(1)(e) or Article 6(1)(f) GDPR, including profiling based on these provisions.
    The controller will then no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which outweigh your interests, rights, and freedoms, or if processing serves to establish, exercise, or defend legal claims.
    If personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling to the extent that it is associated with such direct marketing.
    If you object to processing for direct marketing purposes, the personal data relating to you will no longer be processed for such purposes.
    In connection with the use of information society services – and notwithstanding Directive 2002/58/EC – you can exercise your right to object by using automated means that employ technical specifications.
     
  4. Right to withdraw your declaration of consent under data protection law
    You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
     
  5. Automated individual decision-making, including profiling
    You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects or impairs you in a similar manner. This does not apply if the decision

    (1) is necessary for the conclusion or performance of a contract between you and the controller;
    (2) is authorized under Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
    (3) is based on your explicit consent.

    However, these decisions may not be based on special categories of personal data referred to in Article 9(1) GDPR, unless Article 9 (2)(a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
    In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least your right to obtain human intervention on the part of the controller, the right to express your point of view, and your right to contest the decision.
     
  6. Right to lodge a complaint with a supervisory authority
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you believe that the processing of personal data relating to you is in violation of the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.
     

Supervisory authority

Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden – Württemberg
Postfach 10 29 32
D-70025 Stuttgart

Phone: +49 (0)711 615541-0
Fax: +49 (0)711 615541-15

E-Mail: poststelle@lfdi.bwl.de

Hinweis zur Verwendung von Cookies

Um unsere Webseite für Sie optimal zu gestalten verwenden wir Cookies. Durch die Nutzung der Webseite stimmen Sie der Cookie-Nutzung zu.

Datenschutzerklärung OK