Daniele Moto International OHG
Astheimer Str. 41
Post code, town, country:
65428 Rüsselsheim, Germany
HRA 81660, Darmstadt
Ronja Daniele, Alice Daniele
+49 (0) 6142/793971-0
Types of data processed:
- Master data (e.g. names, addresses).
- Contact data (e.g. email, telephone numbers).
- Content data (e.g. text entries, photographs, videos).
- Contract data (e.g. contract subject matter, term, customer category).
- Payment data (e.g. bank account details, payment history).
- Usage data (e.g. websites visited, interest in content, access times).
- Metadata/communication data (e.g. device information, IP addresses).
Processing special categories of data (Art. 9 Subsection 1 GDPR [DSGVO]):
- No special categories of data are processed.
Categories of the persons affected by the processing:
- Customers / interested parties / suppliers.
- Visitors and users of the Online Services.
In the following, we will also refer to the data subjects jointly as “users”.
Purpose of the processing:
- Provision of the Online Services, their content and functions.
- Provision of contractual performance, servicing and customer care.
- Answering of contact queries and communication with users.
- Marketing, advertising and market research.
- Security measures.
- Relevant legal grounds
- Security measures
- On the basis of Art. 32 GDPR [DSGVO], in consideration of the current state of technology, the implementation costs and the nature, scope, circumstances and purposes of processing, as well as the different probabilities of occurrence and the seriousness of the risk to the rights and freedoms of natural persons, we will arrange for appropriate technical and organisational measures in order to guarantee a protection level which is commensurate with the risk; these measures particularly include the assurance of the confidentiality, integrity and availability of data by checking the physical access to the data, as well as the relevant access, entry, disclosure, and assurance of availability and their separation. Furthermore, we have set up procedures that guarantee the exercising of rights by the data subjects, deletion of data, and responding to endangering the data. In addition, we take the protection of personal data into consideration for the development/selection of hardware, software and procedures in accordance with the principle of data protection by design and privacy-friendly default settings (Art. 25 GDPR[DSGVO]).
- The security measures particularly include the encrypted transfer of data between your browser and our server.
- Cooperation with processors and third parties
- Insofar as we disclose data to other persons and companies within the scope of our processing (processors or third parties), send data to these or otherwise grant them access to data, this only occurs on the basis of legal permission (e.g. if sending the data to third parties such as payment service providers is required for contract fulfilment in accordance with Art. 6 Subsection 1(b) GDPR [DSGVO]), if you have consented, a legal obligation prescribes this or on the basis of our legitimate interests (e.g. for the use of authorised representatives, web hosters etc.).
- Insofar as we commission third parties with the processing of data on the basis of a so-called “data processing agreement”, this occurs on the basis of Art. 28 GDPR [DSGVO].
- Transmissions to third countries
Insofar as we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or disclose it within the scope of using third-party services or if disclosure/transmission of data to third parties occurs, this only occurs if it is required for fulfilling our (pre-)contractual duties, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process data, or have the data processed, in a third country if the specific preconditions of Art. 44 et seqq. GDPR [DSGVO] exist, i.e. the processing occurs on the basis of specific guarantees, such as the officially acknowledged establishment of a privacy level corresponding to the EU (e.g. for the USA, by means of the “Privacy Shield”) or the observance of officially recognised specific contractual obligations (so-called “standard contractual clauses”).
- Rights of the data subjects
- You have the right to request a confirmation about whether personal data is processed and to receive information about this data, as well as additional information and a copy of the data in accordance with Art. 15 GDPR [DSGVO].
- In accordance with Art. 16 GDPR [DSGVO], you have the right to request the completion or correction of the personal data held about you.
- On the basis of Art. 17 GDPR [DSGVO], you have the right to request that your personal data are deleted without delay, or alternatively, on the basis of Art. 18 GDPR [DSGVO], to request the restriction of processing of your personal data.
- You have the right to request access to the personal data you have provided to us on the basis of Art. 20 GDPR [DSGVO], and to request that it be sent to other responsible parties.
- Furthermore, in accordance with Art. 77 GDPR [DSGVO], you have the right to file a complaint with the competent supervisory authority.
- Right to cancel
You have the right to revoke consent once granted in accordance with Art. 7 Subsection 3 GDPR [DSGVO] with effect for the future.
- Right to object
You may object to the future processing of the personal held about you on the basis of Art. 21 GDPR [DSGVO] at any time. The objection may specifically be made against processing for the purpose of direct marketing.
- Cookies and the right to object to direct marketing
- Deletion of data
- Under statutory requirements, the retention period is specifically six years in accordance with Section 257 Subsection 1 HGB [German Commercial Code] (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, booking vouchers, etc.), and 10 years in accordance with Section 147 Subsection 1 AO [German Fiscal Act] (books, records, management reports, booking vouchers, commercial and business letters, fiscal, etc.).
- Provision of contractual services
- We process master data (e.g. names, addresses and users’ contact details), contract data (e.g. services used, names of contact persons and payment information) for the purpose of fulfilling our contractual obligations and providing services in accordance with Art. 6 Subsection 1(b) GDPR [DSGVO]. The entries marked as mandatory in online forms are required for the conclusion of a contract.
- Users may optionally create a user account, in which they can, among other things, view their orders. The mandatory details are indicated to the users during registration. The user accounts are not public and cannot be indexed by search engines. If a user cancels their user account, their data will be deleted in respect of the user account, unless retention of such data is necessary for commercial-law or tax-law reasons in accordance with Art. 6 Subsection 1(c) GDPR [DSGVO]. In the case of cancellation, users are responsible for securing their data prior to the end of the contract. We are authorised to irretrievably delete all of the user’s data stored during the term of the contract.
- Within the scope of registration and new logins, as well as the use of our Online Services, we store the IP address and the time of the respective user action. This data is stored on the basis of our legitimate interests, as well as those of the users, in respect of protection from misuse and other unauthorised use. As a rule, disclosure of this data to third parties does not occur, except if it is required to pursue our claims or if a legal obligation exists to do so in accordance with Art. 6 Subsection 1(c) GDPR [DSGVO].
- We process usage data (e.g. the websites of our Online Services visited and interest in our products) and content data (e.g. entries in the contact form or user profile) for marketing purposes in a user profile, for instance to display product information for users based on the services they have used so far.
- Deletion occurs after the expiration of statutory warranty and similar duties and the need to retain the data is checked every three years; in the case of statutory retention obligations, deletion occurs after expiration of the retention period (end of commercial-code (six years) and tax-law (10 years) retention period); details in the customer account are retained until their deletion.
- Making contact
- When making contact with us (via contact form or email), the user’s details are processed to handle the contact request in accordance with Art. 6 Subsection 1(b) GDPR [DSGVO].
- We delete the requests if they are no longer required. We check the need for deletion every two years; we permanently store requests from customers who have a customer account and refer to the details about the customer account with regard to deletion. In the case of statutory retention obligations, deletion occurs after their expiration (end of commercial-law (6 years) and tax-law (10 years) retention obligations).
- Collection of access data and log files
- We collect data on the basis of our legitimate interests in the meaning of Art. 6 Subsection 1(f) GDPR [DSGVO] about any access to the server on which this service is situated (so-called server log files). This access data includes the name of the website accessed, file, date and time of the access, transferred data volume, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the website previously visited), IP address and the requesting provider.
- Online presences on social media
- We maintain online presences on social networks and platforms in order to communicate with and inform customers, interested parties, and users who are active there about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
- Cookies and reach measurement
- Cookies are information files that are transferred from our web server or third-party web servers to the users’ web browsers and stored there for later retrieval. Cookies may be small files or other types of stored information.
- We use “session cookies”, which are only filed for the duration of the actual visit to our online presence (e.g. to store your login status or your shopping basket configuration, and thus to make the use of our online services possible). In a session cookie, a randomly generated unique identification number is filed: a so-called session ID. Furthermore, a cookie contains information about its origin and storage period. These cookies cannot store any other data. Session cookies are deleted once you have finished using our online services and logged off or closed your browser.
- If users do not want cookies to be stored on their computer, they are requested to deactivate the relevant option in the system settings of their browser. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies may lead to restrictions on the functionality of these Online Services.
- Reach analysis with Matomo (formerly PIWIK)
- Within the scope of Matomo, the following data is collected and stored: the browser type and browser version that you are using, your country of origin, date and time of the server enquiry, the number of visits, your time spent on the website and the external links that you have used. The user’s IP address is anonymised before it is stored.
- Users can object to anonymised data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is stored in your browser, which will prevent Matomo from collecting any session data in the future. However, if users delete their cookies, the opt-out cookie will also be deleted and may need to be reactivated by the users.
- With the following details, we are informing you about the content of our newsletter, as well as the registration, delivery and statistical evaluation procedure and your right to cancel. By subscribing to our newsletter, you are declaring your consent to receive the newsletter and be subject to the procedures cited.
- Content of the newsletter: We only send newsletters, emails and additional electronic messages containing marketing information (hereinafter referred to as “newsletter”) with the consent of the recipient or legal permission. Insofar as its content is concretely described within the scope of registration, they are crucial to the user’s consent. Furthermore, our newsletters contain information about our products, offers, campaigns and company.
- Double opt-in and logging: Subscription to our newsletter is achieved via a so-called double opt-in procedure. This means that after subscription, you will receive an email in which you are asked to confirm your subscription. This confirmation is needed to ensure that no one can log in with a third-party email address. The subscriptions to the newsletter are logged in order to verify the subscription process in accordance with the relevant legal requirements. This includes storing the time of subscription and the time of confirmation, as well as the IP address. The changes to your data stored with the email marketing service provider are also logged.
- Furthermore, according to its own information, the email marketing service provider may use this data in a pseudonymised form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of the delivery and display of the newsletter or for statistical purposes, in order to determine which countries the recipients come from. However, the email marketing service provider does not use the data of our newsletter recipients to write to them itself or disclose the data to third parties.
- Subscription data: To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, we request that you provide a name so that we can address you personally in the newsletter.
- Success measurement – the newsletters contain a so-called “web beacon”, i.e. a pixel-sized file, which is retrieved by the email marketing service provider’s server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about your browser, system, IP address and the time of the retrieval, is collected. This information is used for the technical improvement of the service based on the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined using the IP address) or the access times. For statistical purpose, data is also collected on whether the newsletters are opened, when they are opened, and which links are clicked on. For technical reasons, this information can be allocated to the individual newsletter recipients. However, it is neither our aim nor that of the email marketing service provider to monitor individual users. In fact, the purpose of the analyses is for us to identify the reading habits of our users and to adapt our content to them or send different content in accordance with the interests of our users.
- Delivery of the newsletter and success measurement occur on the basis of the recipient’s consent in accordance with Art. 6 Subsection 1(a) and Art. 7 GDPR [DSGVO] in conjunction with Section 7 Subsection 2 No. 3 UWG [German Fair Trade Practices Act] or on the basis of legal permission in accordance with Section 7 Subsection 3 UWG.
- The logging of the subscription process occurs on the basis of our legitimate interests in accordance with Art. 6 Subsection 1(f) GDPR [DSGVO] and serves to verify consent to receipt of the newsletter.
- Cancellation/revocation – You may cancel receipt of our newsletter at any time, i.e. revoke your consent. You can find a link to cancel your newsletter subscription at the end of every newsletter. If the users only subscribe to the newsletter and cancel this subscription, their personal data is deleted.
- Data processing for order handling
We work with the service providers below to handle your order, who support us wholly or partially with the execution of concluded contracts. Certain personal data is sent to these service providers on the basis of the following information.
The personal data that we collect is disclosed for the purpose of contract processing to the transport company that is commissioned with the delivery, insofar as this is necessary for the delivery of the goods. We disclose your personal data to the credit institution commissioned within the scope of payment processing, provided that this is necessary for payment processing. If payment service providers are used, we will inform you about this explicitly below. The legal basis for disclosure of the data is Art. 6 Subsection 1(b) GDPR [DSGVO].
Disclosure of personal data to shipping service providers
If the goods are delivered by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, D-63741 Aschaffenburg), we will provide your email address and/or your telephone number to DPD prior to the delivery of the goods in accordance with Art. 6 Subsection 1(a) GDPR [DSGVO] for the purpose of arranging a delivery date/delivery notification, provided that you have granted your express consent to this in the ordering process. Otherwise, we will only disclose the name of the recipient and the delivery address to DPD in accordance with Art. 6 Subsection 1(b) GDPR [DSGVO]. The disclosure shall only take place insofar as this is necessary for delivery of the goods. In this case, prior arrangement of the delivery date with DPD/delivery notification is not possible.
Your consent may be revoked at any time with effect for the future vis-à-vis the aforementioned controller or vis-à-vis the transport service provider, DPD.
If the goods are delivered by the transport service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, D-53113 Bonn), we will disclose your email address to DHL prior to the delivery of the goods in accordance with Art. 6 Subsection 1(a) GDPR [DSGVO] for the purpose of arranging a delivery date/delivery notification, provided that you have granted your express consent to this in the ordering process. Otherwise, we will only disclose the name of the recipient and the delivery address to DHL in accordance with Art. 6 Subsection 1(b) GDPR [DSGVO]. The disclosure shall only take place insofar as this is necessary for delivery of the goods. In this case, prior arrangement of the delivery date with DHL/delivery notification is not possible.
Your consent may be revoked at any time with effect for the future vis-à-vis the aforementioned controller or vis-à-vis the transport service provider DHL.
Use of payment service providers
When paying by PayPal, credit card via PayPal, direct debit via PayPal or – if offered – via “invoice purchase” or “instalments” via PayPal, we disclose your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The disclosure occurs in accordance with Art. 6 Subsection 1(b) GDPR and only to the extent that this is necessary for payment processing.
You may object to this processing of your data at any time with a message to PayPal. However, PayPal remains authorised to process your personal data, where necessary, if this is needed for payment processing in accordance with the contract.
If you select one of the payment methods offered by the checkout portal by wirecard payment service provider, the payment processing occurs via the checkout portal by wirecard payment service provider, Wirecard UK & Ireland Ltd, 1st Floor Ulysses House, Foley Street Dublin 1, Ireland, to which we disclose your information provided within the scope of the ordering process, in addition to information about your order (name, address, IBAN (if required), BIC (if required), invoice amount, currency and transaction number (if required)). Your data is exclusively disclosed in accordance with Art. 6 Subsection 1(b) GDPR [DSGVO]for the purpose of payment processing with the checkout portal by wirecard payment service provider. The disclosure of your data only occurs insofar as this is actually necessary for processing the payment.
- Integration of third-party services and content
As part of our Online Services, on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and commercial operation of our Online Services within the meaning of Art. 6 Subsection 1(f) GDPR [DSGVO]), we use third-party content or services in order to integrate their content and services, e.g. videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content collect users’ IP addresses, as they cannot send the content to the user’s browser without the IP address. Consequently, the IP address is required to present this content. We endeavour to only use such content whose respective providers only use the IP address for delivery of said content. Furthermore, third-party providers can also use so-called pixel tags (invisible graphics also referred to as “web beacons”) for statistical or marketing purposes. With the “pixel tags”, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymised information can also be stored in cookies on the user’s device and, among other things, contain technical information about the browser and operating system, referral URLs, browsing time and other details about the use of our Online Services, as well as be associated with such information from other sources.
The following description provides an overview of third-party providers and their content, alongside links to their data privacy policies, which contain additional information about processing data and objection opportunities, some of which are already referred to here (so-called opt-out):
- Our website uses Google conversion tracking. If you have reached our website through an advertisement that has been placed by Google, a cookie is set on your computer by Google Adwords. The cookie for conversion tracking is stored if a user clicks on an advertisement that is placed by Google. These cookies lose their validity after 30 days and are not used to personally identify you. If the user visits certain websites of ours and the cookie has not yet expired, we and Google can identify that the user has clicked on the advertisement and has been referred to our website this way. Every Google AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information obtained using the conversion cookie has the purpose of creating conversion statistics for AdWords customers who have chosen conversion tracking. These customers find out the total number of users who have clicked on their advertisement and have been forwarded to a website with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not want to participate in tracking, you can reject the required storage of a cookie for this – such as with a browser setting, which generally deactivates the automatic storage of cookies, or set your browser so that cookies are blocked from the googleleadservices.com domain. Please note that you should not delete the opt-out cookies if you do not want any recording of measurement data. If you have deleted all of the cookies in your browser, you must set the respective opt-out cookie again.